pki-ca-10.5.9-13.el7_6$>{*풂va>7?d   D        ( F L Tdd d td d nd q(dvd}ddT\  4 (d8l9@:GJhdHOdIUdXVYV\Wd]\d^vbzFd{e{f{l{t{8dudvX wdx,dCpki-ca10.5.913.el7_6Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * -pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.\.x86-02.bsys.centos.org$CentOSGPLv2CentOS BuildSystem System Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch=m)?1l[#t#1J6 ] S }F}F+ g%~~[G7(b)e%{xZ_,,zb+z 0foxJ76'P8bu}E% *S*L$,kI,A,:+A+3u9 #%##"vS "`./9/]   Q q >#E/#+{B/'m)H nrtknvpyi  *L*?5%C%c*m;c=O? 9%9Q][  T \71 0VCCF6CQ& "Y"\><bc q  dF r- ~->E,g=tB 1"?%I7Px]%A큤AA큤AA큤A큤AA큤A큤AAA큤A큤AAA큤A큤A큤A큤A큤A큤A큤A큤\.[!T\.\.|\.|\-\.|\.|[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|\.|\-[!T\-\-\-[!T[!T\-\-[!T\-\-[!T\-\-[!T\-[!T\-\-\-\-[!T\-\-\-[!T\-\-\-\-\-\-\-[!T[!T\-[!T\-[!T\-\-[!T\-\-\-\-\-\-\-[!T\-\-[!T[!T\-\-\-\-\-\-[!T[!T\-[!T\-\-\-[!T\-[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\-\-\-\.|[!T\.|\.|\.|[!T[!T\.|[!T[!T[!T\.|\.|\.|\.|\.|\.|\.|\.|\.|[!T\-\.}[!T\.|[!T[!T[!T[!T[!T[!T[!T\.}[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T\.|[!T[!T[!T[!T\.|[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!T[!Td6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00ebc9f4fe357967b70735e8b1091f8429563a9849391c931795aad650fa346f84f1c0db21c1fc4acad6d16f5e0260cba0977a50fc158e19852e36dea21e4cdfd8e0c582ecd379d442745e4dc6ecdb90cddabb88b8105da6d2a3afcaf947850c0fc11a3352de540f4e0681ebceae86ef8e7e17c4f8c0f90d500629111f5d265f25386fa50072f26ec25460e3bd969ef5200c3454c02dc9d2a1e84fc0cc57eeb3835e785c0a3c0f8351c3e3c8dc0d0cc2d164241ab800c121fd3c40147d63cb5139f400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d5a1829bf1b3c216ae4c9d4ee066772bc7f5afca577935c229d9bfdf80d75cb7d0aeb78397f439d16d5b530d8b81c119af865c0898e02a33b17d28d0bc57ae9c82a158a8f0949c10819f646d42e8cb710ebd844362d97695eec5a6a523c9718a1aed1ca83010bd139dcbfc328398007d959d275a78df0c0208c207e960ea669ca55436dc0723559afae54e63e48d826c2ee0ffd98b3233b8c132be6ea1540cde549ab16a5ee0b53ca839bcc06b9c268ac7be7c8186aa4392ce0c663460c019e4cead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676449f0101595c93b29c3402277811f70fa75237715687fc5dcdcab36f7a7c8dd72da64a1f054f16eb1ae49493bbcbfa138127db6a09fc946014a1d137d40ca2d5c27ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f62024c52fe492fc10e9af7a7f3dc2f08daed6d3f5bc13ce0c8bdda30b85f0c69ab635b3107b5f152b0d109c594d30b345a411367f6225df121e338c02536f4dfd9d68f40546ce9caca6b76801039b97b1a2c53cb0975fd3f31dac9584a8a955704363832241c679cd009399b6934aeedec0b3755f83bc09a35cd5a292cf19b7525e0bffd207c4c5b122b085f9129e0470df5c37cc534df4e30ec140a9406a2850767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031d37b0ad740db9a30932ac53203a46c4e4fa701f891d74fc185fcb8989f45d28cbcace48ed94b1a6cf7171f5ebe150102c2cde343df5b89acab2c2a6c29b9a04d448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898c26d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac93f9de3ac67f7ec677ec54d3e5cda612b21511aefd19e338c7f06a05c29006d6be1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dd2dc066f3dc6e0a46b42f17b9fa4c739b1cbf2c27cc9197f6900945a14f7207dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c208143ceadf7a4386c8b19a8dae483ad52f07039a7f985a5a012116a83883e9d4b788f7a808a87edef183779c0d3a4609363857aa1c21aacb86257582c018280d9d2cfc0e1f19c31633f0c71cca13eda286d22f389ce2bebcf1d29d022c94a9b98ccec6ab0adfb82d3929e5d571d2157ef9a4f77464b001ce8efc8319164394d24cc15bf06ff8deef0927b695d326de82058ba233500878642d560d2bc0bde3ebe95a1c60cc56866c750a59a70c6c134ea6459a77a973abc6953b85309f450a0225274f6866c00a09bc7b40baef850cc8c932dd5ec5b3666c1854665fc8314f568fe5c75ff340c4644dc3499e6b91f1321a1e4ce4f3dd892e93d10b3ca6cd22b741cde4e4825e5c30f60418a624f71213672f8040d0abce578035e96d3cfa8de606de27d407a3f3e9a4650c1c1b49be68239732577372cf2638f71daecd3d9292b015b7cfeac0813d63b114d76e67a8c22c532fb7f106404980376d572db56a38d141c99eb75104d02d3384b36b75f08d4d13f4cf24e42364783df0678c22541bf7e72fc1b0d55c2c7c01b8a0431a070a2410fca6f1c57e22fd46e46ca8d70c901d805f3129d3d149048bca7afff85777cf6f6b502dfc4253a442b2f7a9b00f0d5b1cb51d5103d982fe861db8608b9edb8e6a32969827fe15e870062c2098dcfbdfb0449d1ca26f2daaae39a9311c9fa0dd5b893f2d5129603101c157a5fb796c27d5f9419ea7524076f8a57670bc6f788415eb5690027ef28cc39ce90569d3380048f939487192af8665cda4b1b35b3dfea4a1c88a3fa4f052a3bc35163175399b6e65e4554f66f7d822b2a27361c9c86c7c9560a3c110f75fdbe0439a989bce076df1d2b34c197e900b7b4d2e0476aece85deb1df7d3f3e3740c40a7701995a24819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4f27679bdb8f5e22e5f5623a74dbcda8215e1909aec6d2505892815dbd40c28931a3aa4dc5921c73ba193f68279daae894ef8af35f159e5ddada1e021aad9e9667a9c2f38efb90b6c24f51d41dbee3f3c346121658f5684e87d429c23a5bc49642b2003d3f805f392607559ed637c22974104ae7d4b5b88b111123db4809082d0f8ee5de3a92fef6b095b834c2dd5ec6c40df918fac07d177bbf434d2b510579dfe269c7f1960df6caedc2f3692eee7091fe359a17bd5559408927e255d762599d4b4655eecc878c1f117bff3640f17544c97364564e4b8e1131f647469468ac8b98bae2e037dcbef1de8eb0f38442e4c7dc024cc5da72898d19f68b8c50297d95b807591f098bd9a92be058f06cd18e076c431b88352201c21d594372d91c650c283fff6879a0b3247f04440a68d98a9deaad95fb463171008420832e7887c33a299c24ef69dd7310d4cb5f802827678c6d7ad7416ac1650da7ededdd1e91128e35e898cc31c4fed5f61bc2e2cb1ec2684aaab5f4a94b3cc5e84d42a84ba57d7d2d050b1ac4574a95547657812d919aa67d3cc17fad85c654e07bb16d8e5626a15b3831ae5fca439f780bc42ea11a05c5cdace1aee43a44102d7464f99f5f4a9f410e0c510402b3afee5025043ed21d22539fa3c0ee158306802cc6a503704a7b2e29c02f8f828bc173cde8a4c84b3b89b5ba563e2971d788f0457431e48b037a2ba523a398b6eef9396b5742d8aa7836133ecf70521ba6fb92bcbd6bf9ccc1abba3f9952ad3f8b9607d631b7c81eb29c8a67291ede8108d056535e598eb1bfe09e39d96c5dbad89b4150cde9f1a03f197b83ca2e4cc50edf44962834813f62a01fe68f324ff4944b30313f9a3e5c5653aae04dbfb1f6c6103de05fe49412fa73129b301e02d384032f942e8f6230fa47c38e2d46a139cf67edfea801e6e2cb9d4dc74c7f55a5fa8279332a8d9d9b14a2064536946e146ef6f13e47ea8882c61bdb1b53aa72d0876c47446ce5720c0254a1169c9715dd1ed7e38beb6d5989320ddcabe2e59a209706beacd214bd086484765ec380d412eca3e8e8d94168387f25227f78f8984070a35f6d12dbaa53b68db1f959601d93cd4116518abe99ab7dcc55fa24ef8f29cb36fc3efc8d31433c21da3cdc7d34b9419be658f77b1679883b53475e19ac1d885575ed8fd1f57b816fa4c39ad963db7af6201cef60c2212bcb9b1264e5b18901a9d6564d44486b891f48e7eab808db0b4657882b46208bb6ac06404bec58bc67603c82f5aa843f8d6a0932888960673ccaff71f3a56334c73021a9cd152d5f2f45cd84d76d5d9b2012793b7cf442bc9b59229542b1abe7c1c069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798e2619ed8cbabd811ee5c8d0ca7e626402ca55f2c3fa970f32ab7c316b2a8d5d4d69a75b878b4e1946387fa6a3706d02ea456fe19b71853b81a878b883dda336b0d4dd3d7f01030b858e33670175f53907a29f8274650e18882b6d66b764f3f75cf53c764ffbcb836b094b4e17ce7756752c89cfa1f737754e7a643f5e988ecc541a4aad51af047ec1e4d89e6d0b466a2b4b5c693aa295649d4c4bc3d716c9397ef5d9b0f4d416a8bdf8f4f0c2e8fcb6a2af6e77b23b916b1c96a1a203633f0bbd917d2bf9eb5a64b45b7deb287801a3468ce15c19c3abc1a8658a66b78ee0b0199ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feecf3d85f33ab93a1a8eda5c558d6b58645d65a16f751ba49cd2f38d722f7f194a8f0e34e2bfc62b110b7684acbc69634cb1f3bcf794758933c1473a7c76ce5636f3c0e875934735735e2db4672ec26b0aecd71513a79bed49c7b7ea5c5cd37f8ee461c0b933bba0823e8cd935dce4511eaa3c9eadb61383dd9912cead9ff1ebea43bd42c72c877ce5b21fb4116fca2e25685173e25371b56d4164d378dd8784f0953d6e2c6c8829a2ce64212275c8ae0b5c8bf1c111a1f0aa4de5c57595fe23eaef3d7f0b60a6f59f1d19ed845bb8eb80999b8d5f95e01c28f8a027ed715ee2e70f196246ff270db8566b5229dcd8c978fbfdd8f45970bf5c940ee56ac2266819112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f72cf4dfe9c88969bbd762c45a42b91b1396ad011b51fd338882a6ab602315cb7bff682ca2f5a26424d7ab5ce178c5b9e9a25d855ffc52e1b5dbc957142da46ab2e7ed49d41f75099bbb3998283617c5f590304ec64602cfb558ee28a6627008f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e2ae72a904bc8e884cdc3e881037753f8918497e4ba574e2ff864e763a606fec3c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617daad735276d8f629cb6936827ba522b93d7c51e58390c8c1684fa41cfd7868114935a11ddd421f4f82e7bdef41b3a248dd3c2276ff47446295aa34a1effb6e8e67e6342a29b068d647a27a919928efd5f2b1d22b27fde5aea876d77b345912d7867773345a21b121518fe70a56bdc8c7683cd6883b74781267b6223503405827dfe8e98d26730ff60f728d0e080cf63e44ec0bc72932c375894c729bda2b364a1272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a131ab78fed3c28ba57a9b787edccc00ef37affcc97ec2533c8c7da5fe36aebe0ec8dd591db70d50dda2f299e8275406d7a9bf51b0658585a85feedae530189b95f4ccbedef04351ee61678ac468a29a45259542db3f0064ece7bc6c142a5c837a3f1dc88f8cc2e6060172097715954ec0ec652be99031c4992cd6f36eee6c911a9ab190ad2b2d7035c3b6210bcad1b5bd0d61ca737bf71e916f427c8d31608979a229f9453b1a59f1d9745792e11756f8bade632479f283837a0631512f8e5bccfd1c96626614cda4cd142db5f002bafe95c0be41773d65be80d2e4893087bba63a5f40732a33fabdfe321b102c6ac91cb5a71f653bed7ff0363414697b7188d9bb18c6f876290819145fa62b01487d8d336ef7432108a27ff2dcd1c2a1f928d33de86710f05b5cecb5d841822f94a7c87dabfbf16c2140c606ff3a9be325ad994e8bd6d02323c345a7f33b818493827c28b14cbda8196220c04eab3503e0d4a472ba33f7e7bb3f70f202bdd1c22e5f4c009aafe30d35304be91d9cc0df86fa67186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901db8b5efddc795489b9971b83de53181631fafa8a4ff4e947ecaba4221b793786563b3dfdcd62f39e7ce4cc095102ec2af345a2dfd680dcfbaa5082bb2aa760182b34c5011b9d513f45561ca7912338109e1f053dfb2eba6c189f36043477b7e9c5f6bd93049e6a50aa4e2ef845c2ecc57b7c6af0b530a0483ef356a6b25403c4e7be438f97bc93e0db6beaa8b18530bdd0437eaa1597c589514b45e8d0b2b37490cb979956f60e953d627512ccdddd9603422e3a31e8c7a198f7adb725c2f5a449160bacaa9e40e728469050df5dc0481b3b19570152a01ee8c0dbdfcda5de202386dc5631c74d6d879ab522218c9dc73f6b56b65e84489ad6fa0c00b56ca99d16efc037493882bc2a7ff8684d7146f46f9c33f878ff7abaa21a236e737274c027ac570d8066c9a1e27d543385c08cc6e01c9f3970be6e184bda2b33b8b7d12c29844f5dfc4dc0a76253f66e30d55ac7cad9d54fb5ee25cfce90b2db8f1bb5542439a98e78f686688192339d5045c89a7c444ab265943e29e4ddb2814bbd2e5f32cd314bbad9a4fc256d21388e37ff2063355cfe40fd08e428eb00682c5b7121393548048afe663a7cd33536c81b530e559e6e8c13229f820c4dbc167383ba72607c571da9d704c39ce0b67c9ca6202bbcb92c26f338213043e3b36ab3fcdda487aca0e763cd5fbdf40ffb73006e3f1b38cafa9b2e48c19d616b701d439c6ecda6908a86cebf2bad69e4ebd837f93f4065b4d5ca11a5c0772167fd9769349be3ad33616e6dcd80b9daf13f9dcaf8ef6bc30f9e52df3da8ebe1393119b9b396c5fce3aba06387028fa21738a84e5d1c9ea15e75ff88b8b61fcadad11071b6131243666e2e04fc44d87b070697da0b91df3053166ffbad3e9603e116474d44ba83c56270532c0fec2d29862bab16692a5cb07943d9ac3be7384125bf8a087b58a6ce9af014875df6e9c91933b0e915d18825853bfa5f6aaa24d91957003503006412ad601f7f6e5d950eda140367a30f221c31008caf4c2712002aac3a387a37a98578cefe64dde557a4e36f9818cb66b18192034981ae4b1f5f392384d5f85bf6b6f562f0533de650daadbec4a8dae34fbbb56e36f87e00e507633e8599a4a9b78b8a244521bbc3a3c1e46049181dde51098bfbd4aa1f52e2ec058f907286b4c87c6552b361d06eb8a0a4b26a327faa8d2b6d446ea046a8414183e0b21a470e83555ab6aeff375b5660ed4cb0848ef1590130b1b331b1557bf37ebc4ff6e1ee9d90dbcc3cc48b5ca5bce8ed7df74cc4c2381961c9c9efc99efa0e427e7e1587a4f6673040246e3f1b800ef36d9dd100432bb957e899c5c37ae69be80ed4bb982d2380769057cee6067962b4ffa4b2cf40a6e5a732493f054bd27796ad5d9efa55bc8f59fd674f2835d9c1e7b625fcf076e7817d0d08c6fff38325c95073dbf9cd23ded73a65a8e569270b03850a6b9a9eb862bbd4cc8188e703f0e05ce34668aff8ed106f92206e688e301a625a06506762f07a9aced94c1f6c2f093d41f08778e8ca9059c14f314eb6d925825f834405c62ca90be20333e09958ea265ef5f6c000c5b62200ededa13f8521e87f453fbf48d6083be597d8a680471b7d41d1faea8fa0a67d87b4e3b1ac73cb9dcc6abdab00609398306c79ad2768adf66a6c9c076fb1c0d411571546ebb06736357218e00172e8ef00ecdc92587e712d04091e7a5f7805c2dde8e1cde90c570948c508e1e4294e0a679ae5323d68f551008fd9fa0a70929e47b1da01f19b724c840eca1d58cd30f4dc0b859763ae3beebfae87cd34526fc2eca66ca591ffd53f81b025c989f94ee3622fd8bb54341da3aa03208fe8d183ef96002869cabe74e3c0d81b49d3acfa70bd9f087cca5f74ce5bc18ec1ccb624f4d281bab848e1c617e716e922028fafb014f7e5f13a3877108c3a7bb4d67dc80bf0bbbe00134fd976901defbf35e10746a7a77d6cc11f88850bc66c047b2005f1984deb400e1a5f8d832c6da04d11caa82e03bf1d00c372c789a7a437cca4893de17d17717535ca11d09774b350d4b963d18d0c3ff275027f968a2025b3a2231b0e1d136dd67f65ebd7933a7291fb2809e0cb0c9f6b5153baecb3827282e259c1dea0192efc2b69481ff941ff7247846c1cab4d20792509907eb91fa50c9135ffba3e38a8df976b6646bbc66608f845d18bbd167af2cb621bede3bb3567b41567657e76727f9791934052c688752bd07d4afcbd7df95a9ebcaa5795e30f706768b4012c802aaf1fcd6e99814067613394950d130f61d06f25f3257278f90c791ffbad5b4ea62bd5a75035961619eb55973afae64b64b9130d3aab85b28d866416d91896845f4607d2099de578dbb060ddb83ad681e6ebeb51e184a4205c01dfd6652544a65b8d1895d26ee151f79dd076467a2655dc6a388db93697bb97dd2f128cafed56e22d589cf18d3a8117b8b82ec7840c34a149b833038abb5c1e08d3d1a22190b2b11debeb23ce1788f781d2ee4855bbb5b5b199bb08462c43558f7fdb0b4af9b879662b638abe8f56bbaca7f27d090c6cd68949a7f2e6dd41925503abf396908ebdfbe5ad1f2a628ac0fccff016e72febcd204a038d3b1bcf00f554cbe65b72a0f5c6e785d27ab6c76f9985162e4215c5b0a05c560b7ca085d6662f475887ec86730cebfc26a446ef314e84f39e2a916584c14a57509f6007d0e1883246d746a8f0544e6ed4a33dec754464db0852baa1d62df4b1460e09c277a63ce8fcecd84fd5eb127fa3a532265fd8ec62aff59246cc3e0c538d6a720f121ec7a6c61d2178a7b914c9d7aac0fe2d0ee640061c044bfd8a20e46587ae276332f2b4c58a1a4355c85cfd5b6b37aa2b11a9d50b6b0c7a98bfaaf9467c54a80a603c94c292eae73c5ae04a6eca92e9cefb27b28c70b9b6575b8d020edc0182c327c2cdc0a683ca9f527a435fa54da421a75f0fe67d39eda25030c1dad75431e7bfbd216132b8faea363a675df98f0b7571dd667d86753584d052c6780fff621a2f6010325e8de9871d68d2d176f892fa0e4d1714da27e72a8367734d4a1d8fac65c88c70591fe094e5cadb73b5437001bc3a9775233b9e1a6eb144df5454258bffc3ab3f6a3adbeccc4ba1618b73dc55bb5ebd698940a848814cb57cb1f140b0cc9a2bae31e5d9907c272db063731e99ea2be881be14106a43cf9deed98f1e580314927e2ac05431f3609635cf9dc1bfffee3d14836e3b5620b8f7d9e5420275dfde55010069686441ab85191c777c672e4c2fd5c43e9fa587d87623d3ce557186e454bf11475fb89e70283aebd7d3b913baa865e57d465418ac32295631ab8fca203559c8bfd115dba0a393f9f573f8a100d9302dee0f78d3207bf2a4c02828b50cd72eadcd56594e2ce0cf4a266132526e7735f8d70abe796dc6ea68723b9902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd594901b49f79539224ca82db1a18cb19f706b20bfb31275e009c30127184199ee28bab665e6b28eeb70fdfb406fc715536773628274003066aefcfc27da268f50bc45154481c944793a119c342103c58aa95667e9c067d65e0b8d63e90c24f32285ad9bb97edd4626c9f3fe213675e77a8b89dc0064e69d17760c49f539df7f6f264669c1f516d640fe9809bf2e63ceb40100ce610aef9fc4ff097abf5e513554ab3aced21e85b958da061a7d2de3f534c579f55a783af34ee1f115595c998f32f2fe5b16de77414be3c1dbe1233334eba30a14bb7b5fa3e31571f6d6219dfd34f496912e07806d8b1f8a1c0cff9f42e6433837f7f2f318a9c03ee8a947ba0416590c87e3511ada3b8e3dd85c772c4fa857de75a0d9aee3a4f3133678f99fa30519a870f7110c082dfcf32eb01c004f6e9d6c1b3e108984f9177201408040b10dd5aae45bc58305e847bf7ba35c3f97bd413925c7094c9cb9e54a9c825367c59068423a2d871e85613498231e9f4f83f178ce9cfa85da466376567cb38142168fd804c0067b93558cd2e0d9e8807e92def408b8eb3efdce5ca51d392e7bf06b7b7d5aadd05227d28bfe1e6fdd68e2c7a8f275a1d359c60fd4f3a95078c131ccf6a47b40b799d9b581379b3321c1591c48e9b3561c137a48c447b51a1b2758a7728d57dd7ac9cff1db3a58000b9c1fe32d7dd59631fffc1d5425dbd75fb4f5e99ba7c902bfa413c7237cec4bc0cf0f59f17d1fc4959b7661aa89373efa9bfd5bc9403d82743aa179b0610a98eda4b028251df592cac0cb95d8d37720f88345d471da63526b6ce8a0f19f9cf0326784128890105e9bd0ac1e913d2e42d5c01cd9c8f8574e6d7d9b362af55379c8abd0ec8296f01340f2991eb274effbb0943d386716df1fa2dd0fb957b3f79b13cba530f693b50f84234f3299d45e00fb4be60cd95d2ac4101279fad4fdf9510d2988c139ef32593b2255d74660095f38321ff6c300555c60045434f12d9e68f6f28896adc7054788724bc34c704ce8c1e2f3f5fe90174ecefecb37ebbfed41e030bfca7ac60f6739e123478434534f5e60fa3733b81177e63fc956191312c831f77d80837c61771a3d4d6d646ae0ebd9de19f2d1c93edff35a2fc6a00481a5b3919bd6883f7619d1a05c62be002110032daaaff23f0efda24c4d4e472c9a35934a2db4ed4f5ad94b9eadc689b0368ccbb1314b5993c9e33ead8aaf6c1d937b7f500c760c15fcfbd8f7ef74c9a76397bb8dff93ffc16df95866d15efca4e9bec6b29c6714e527c0f1ead076eb9fc48f233c3f337f958d4e0673ed79347caeba4b7e7ef85cf92a6666b9a2f4ced866ab018915108c754d5dbf4b92bb761d8f519922d866943cf5d07150192ff373cca89881d43a3e68d96184142fcb5391ce4431630f1217d65cd1f6a7a3b5a4a63c615bbfc018d5cf5c0e8448edb5e8a834506214be78b70dd45bf3e5925fa3fe0c0c6410c017cc6e6abf19d91086ce880a7a6bd91c1a5bf27c0c3d01e4e646f7617136f75c6876ba7e9bcf4d6ade0a422df2c6f8bfdfbaf7fb658449d365321112f1186e497a89fb426e659391a6ed4a0788280982337207ce1ba6382cc461026e46132f6ede248baebf4fa9223e88ba83c3aa7ba193776ab336d42955bba1fc047326d615d332a5140e09ccf4b4f233fdcacf30f533b5f15c9ef7826ed14382cd31bb55b743ac7dffc03ad234d2d5566157b62ffd2426d5cb6a44fbfbe381a1808e529f26765ba9e05e56b3b06c842124bce70635f166ef1e609e99f8ba41844e9faf93bb7a3f81d2e8d8714f4727757ce02e32971f76b129fd97deb4ef3d565c4a58d387d296f5e2ae411ca8b5ed340056f76bd372ad23f2cc8c24febb3e836cee9b377076fc3934ab0df691855f8e19aa2413d7e54c00303b70dcfd28b0708974c470416bb08d86da68f1f5dbecb17fbf7e66f136977c1b5fff486b93d4760b608fcfad7d9e567f0283bfcd35006123d0fc54b0a0a0373b8ae38ec35200788f1c1d270cc00bfbee7cb65f762ec3bd80e439cd2efc8b4e6825279fb48d2d87190a75bda3aa29bf14c03eb115a5be6b291f7a9805cdaab6465c61d3290fe63d403be79683d806b12746c7d6fd5ede1eaf6e508e3a7d29023d7bea4db67a2337127ec0e911a346d8c582299ebe6de630789a99949982d29674be81e99c05f9167813a00afbacd30bd0763edf4dd8c10a03d16e92dcc6dbb27b0230fcde072e89f6a8581f1d4c5dba6603b6d5bde6d42f80a10ead1635750c998582d4c85a9da9283aa62616dd4bcbe8900f84d5171f9ab92db0f3b27571fde4562ae3c51d103ad83dc2febf8577c156a6447de30ca5a66f4e26961cf12fe84a11ec7815c19c02f1b793a0e91d7302ce9a650e13fb81fbd66d70f0f3d0852453201c93951888d8c785d218ed49f70b49ef56dd0bc07706e4c421dfa6625e1f1c25cc00f5c21b152f653d90cb879fd1d2d864c0eaea2527e7235f5ef357810d29ac3f21de79c2fe6cac5eb5a0f53d781ab4b78d65a1764e7e7626c31b779a8ac4ea0792e8cfa95001aef51535d7bd3718a575ec70d97531470731255e0f52a907b2d4ce36cbf059bc84d31ec949fdff5ea4c987f6cf58a2ad86bb944e011439a0431c8344fea545a0e3031b8e38f8c23767c6b67f36e1824b1b48f71b3dc52d8054317c281ac05eb8506c38368b37f732e55538534e6ce61784b30d5fd24c24062f8115e49ac49630c5e06fb91fa4bf4e046bf1169d8c217afe1ccb628d6dc722d255413ae0b658637effa7b39bf832bd1b0985ecda1e03bd067b178237fd89e2fdd6b958af8e32e802c52f725d0047f2c67a0435efee12ffa020736bee7e081dc7ca5b84a86e2a68ed1c6978a050f6077448b201d2d1c23e13e38a0df6de9a02033fc479bb9f37e6377b64a119436024d9a581c0f137add81539fe233ca5d947ed65c6cef9a6114fd6ed6ed6f6372e6ccc8e28e611e07bbf8b9c3695734bd4a1533a7c38b8c0696afe1c3949239c7653522e627fbfc8ad866648f71aa19abe71e20f50ddbf20de0d7273f7e6dd2a7fc14ef0693069e233c4243a39a6ace0cf7e38eb0988c7bd2c68f8018e3727012f2457fb91dd9470f0670e3d48e3144973967f7d31b318d8d7135566113eb5883ca541ff63f5a999a97b2a7a32029058010f7b7f1ce9e7918ed9e45408943b8f8bc606bffebeabbbd9bfafd8bd13cd66e3df6b4e77b3d4690ec1d5d5721c3caee7f629bf25910c240dc2f24d1e487e69ee2d54dfa0f74fd5364bc8b06d9efb836eb8857bc64b9264e6105b0652f2e1e4c9d31dfd0a06568238bbf6bc3d58ada9a7dc75a26de4e324f4b798b2d8938a692f25e82e3da8dbdb84b3e646de7fe0f80a185b7c69838603148905e9b55c58db1c3741e9b4fe0621bee7d5b5f7709f90bc0649902c09334fc549604ff49152c6ab93e45b2d09989ed85c9e8de26953bdf3a4b9385164e6ffdf7ed7d738e1d7d39cee2ab60f6a66893c10e12c81c6ddd59490171e2ad35b4241a19558c2d90110e52a291f4d25b917bf027deb77dfb03aa570cddf7adeb90dccd6ba965633c2cb28700fb70311cbfe3e7c67cae417c3c162b29/usr/share/java/pki/pki-ca.jar/usr/share/java/pki/pki-certsrv.jar/usr/share/java/pki/pki-cms.jar/usr/share/java/pki/pki-cmsbundle.jar/usr/share/java/pki/pki-cmscore.jar/usr/share/java/pki/pki-cmsutil.jar/usr/share/java/pki/pki-nsutil.jar/usr/share/pki/server/webapps/pki/admin/consolerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-10.5.9-13.el7_6.src.rpmpki-ca    java-1.8.0-openjdk-headlesspki-serverrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)10.5.9-13.el7_63.0.4-14.6.0-14.0-15.2-14.11.3\f\T4\R@\\U@\[@[{[l,[`O@[U@[>@[d@[@[o[@ZUZ@Z@ZZxG@Zg#Z.s@Z@Z ZYYY@Y@Y@YoIYlYGY>@Y5GY-^Y$$@Y"Y@Y#@X@XX@XO@X*XRXOX!@X&X2@WWҤ@WίW#W:WWt@W{@Wu WgWV@WV@WV@WV@WV@WV@W 10.5.9-13Dogtag Team 10.5.9-12Dogtag Team 10.5.9-11Dogtag Team 10.5.9-10Dogtag Team 10.5.9-9Dogtag Team 10.5.9-8Dogtag Team 10.5.9-7Dogtag Team 10.5.9-6Dogtag Team 10.5.9-5Dogtag Team 10.5.9-4Dogtag Team 10.5.9-3Dogtag Team 10.5.9-2Dogtag Team 10.5.9-1Dogtag Team 10.5.1-13.1Dogtag Team 10.5.1-13Dogtag Team 10.5.1-12Dogtag Team 10.5.1-11Dogtag Team 10.5.1-10Dogtag Team 10.5.1-9Dogtag Team 10.5.1-8Dogtag Team 10.5.1-7Dogtag Team 10.5.1-6Dogtag Team 10.5.1-5Dogtag Team 10.5.1-4Troy Dawson - 10.5.1-3Dogtag Team 10.5.1-2Dogtag Team 10.5.1-1Dogtag Team 10.5.0-1Dogtag Team 10.4.1-15Dogtag Team 10.4.1-14Dogtag Team 10.4.1-13Dogtag Team 10.4.1-12Dogtag Team 10.4.1-11Dogtag Team 10.4.1-10Dogtag Team 10.4.1-9Dogtag Team 10.4.1-8Dogtag Team 10.4.1-7Dogtag Team 10.4.1-6Dogtag Team 10.4.1-5Dogtag Team 10.4.1-4Dogtag Team 10.4.1-3Dogtag Team 10.4.1-2Dogtag Team 10.4.1-1Dogtag Team 10.4.0-1Dogtag Team 10.3.3-18Dogtag Team 10.3.3-17Dogtag Team 10.3.3-16Dogtag Team 10.3.3-15Dogtag Team 10.3.3-14Dogtag Team 10.3.3-13Dogtag Team 10.3.3-12Dogtag Team 10.3.3-11Dogtag Team 10.3.3-10Dogtag Team 10.3.3-9Dogtag Team 10.3.3-8Dogtag Team 10.3.3-7Dogtag Team 10.3.3-6Dogtag Team 10.3.3-5Dogtag Team 10.3.3-3Dogtag Team 10.3.3-2Dogtag Team 10.3.3-1Dogtag Team 10.3.3-0.1Dogtag Team 10.3.2-5Dogtag Team 10.3.2-4Dogtag Team 10.3.2-3Dogtag Team 10.3.2-2Dogtag Team 10.3.2-1Dogtag Team 10.3.2-0.1Dogtag Team 10.3.1-1Dogtag Team 10.3.0-1Dogtag Team 10.3.0.b1-1Dogtag Team 10.3.0.a2-2Dogtag Team 10.3.0.a2-1Dogtag Team 10.3.0.a1-2Dogtag Team 10.3.0.a1-1Dogtag Team 10.3.0-0.5Dogtag Team 10.3.0-0.4Dogtag Team 10.3.0-0.3Dogtag Team 10.3.0-0.2Dogtag Team 10.3.0-0.1Dogtag Team 10.2.7-0.3Tomas Radej - 10.2.7-0.2Dogtag Team 10.2.7-0.1Dogtag Team 10.2.6-1Dogtag Team 10.2.6-0.3Dogtag Team 10.2.6-0.2Dogtag Team 10.2.6-0.1Dogtag Team 10.2.5-1Dogtag Team 10.2.5-0.2Dogtag Team 10.2.5-0.1Dogtag Team 10.2.4-1Dogtag Team 10.2.4-0.2Dogtag Team 10.2.4-0.1Dogtag Team 10.2.3-1Dogtag Team 10.2.3-0.1Dogtag Team 10.3.0-0.1Dogtag Team 10.2.3-0.1Dogtag Team 10.2.2-1Dogtag Team 10.2.2-0.1Dogtag Team 10.2.1-1Matthew Harmsen - 10.2.1-0.4Ade Lee 10.2.1-0.3Christina Fu 10.2.1-0.2Dogtag Team 10.2.1-0.1Ade Lee 10.2.0-3Matthew Harmsen - 10.2.0-2Dogtag Team 10.2.0-1Matthew Harmsen - 10.2.0-0.10Matthew Harmsen - 10.2.0-0.9Matthew Harmsen - 10.2.0-0.8Fedora Release Engineering - 10.2.0-0.5Jack Magne - 10.2.0-0.7Matthew Harmsen - 10.2.0-0.6Matthew Harmsen - 10.2.0-0.5Ade Lee - 10.2.0-0.4Fedora Release Engineering - 10.2.0-0.3Michael Simacek - 10.2.0-0.2Dogtag Team 10.2.0-0.1Ade Lee 10.1.0-1Ade Lee 10.1.0-0.14Ade Lee 10.1.0-0.13Ade Lee 10.1.0-0.12Ade Lee 10.1.0-0.11Endi S. Dewata 10.1.0-0.10Abhishek Koneru 10.1.0.0.9Abhishek Koneru 10.1.0.0.8Endi S. Dewata 10.1.0-0.7Endi S. Dewata 10.1.0-0.6Endi S. Dewata 10.1.0-0.5Ade Lee 10.1.0-0.4Endi S. Dewata 10.1.0-0.3Matthew Harmsen 10.1.0-0.2Ade Lee 10.1.0-0.1Endi S. Dewata 10.0.2-5Ade Lee 10.0.2-4Ade Lee 10.0.2-3Endi S. Dewata 10.0.2-2Ade Lee 10.0.2-1Ade Lee 10.0.2-0.8Endi S. Dewata 10.0.2-0.7Endi S. Dewata 10.0.2-0.6Ade Lee 10.0.2-0.5Endi S. Dewata 10.0.2-0.4Endi S. Dewata 10.0.2-0.3Endi S. Dewata 10.0.2-0.2Endi S. Dewata 10.0.2-0.1Endi S. Dewata 10.0.1-9Ade Lee 10.0.1-8Endi S. Dewata 10.0.1-7Matthew Harmsen 10.0.1-6Endi S. Dewata 10.0.1-5Endi S. Dewata 10.0.1-4Matthew Harmsen 10.0.1-3Matthew Harmsen 10.0.1-2Ade Lee 10.0.1-1Matthew Harmsen 10.0.0-5Matthew Harmsen 10.0.0-4Ade Lee 10.0.0-3Ade Lee 10.0.0-2Ade Lee 10.0.0-1Matthew Harmsen 10.0.0-0.56.b3Endi S. Dewata 10.0.0-0.55.b3Endi S. Dewata 10.0.0-0.54.b3Ade Lee 10.0.0-0.53.b3Ade Lee 10.0.0-0.52.b3Endi S. Dewata 10.0.0-0.51.b2Endi S. Dewata 10.0.0-0.50.b2Matthew Harmsen 10.0.0-0.49.b2Ade Lee 10.0.0-0.48.b2Matthew Harmsen 10.0.0-0.47.b1Ade Lee 10.0.0-0.46.b1Ade Lee 10.0.0-0.45.b1Ade Lee 10.0.0-0.44.b1Ade Lee 10.0.0-0.43.b1Ade Lee 10.0.0-0.42.b1Ade Lee 10.0.0-0.41.b1Ade Lee 10.0.0-0.40.b1Endi S. Dewata 10.0.0-0.40.a2Endi S. Dewata 10.0.0-0.39.a2Ade Lee 10.0.0-0.38.a2Endi S. Dewata 10.0.0-0.37.a2Ade Lee 10.0.0-0.36.a2Endi S. Dewata 10.0.0-0.36.a1Endi S. Dewata 10.0.0-0.35.a1Endi S. Dewata 10.0.0-0.34.a1Ade Lee 10.0.0-0.33.a1Matthew Harmsen 10.0.0-0.32.a1Endi S. Dewata 10.0.0-0.31.a1Endi S. Dewata 10.0.0-0.30.a1Endi S. Dewata 10.0.0-0.29.a1Endi S. Dewata 10.0.0-0.28.a1Endi S. Dewata 10.0.0-0.27.a1Endi S. Dewata 10.0.0-0.26.a1Endi S. Dewata 10.0.0-0.25.a1Endi S. Dewata 10.0.0-0.24.a1Matthew Harmsen 10.0.0-0.23.a1Endi S. Dewata 10.0.0-0.22.a1Endi S. Dewata 10.0.0-0.21.a1Matthew Harmsen 10.0.0-0.20.a1Matthew Harmsen 10.0.0-0.19.a1Matthew Harmsen 10.0.0-0.18.a1Endi S. Dewata 10.0.0-0.17.a1Matthew Harmsen 10.0.0-0.16.a1Ade Lee 10.0.0-0.15.a1Christina Fu 10.0.0-0.14.a1Endi S. Dewata 10.0.0-0.13.a1Endi S. Dewata 10.0.0-0.12.a1Ade Lee 10.0.0-0.11.a1Matthew Harmsen 10.0.0-0.10.a1Matthew Harmsen 10.0.0-0.9.a1Jack Magne 10.0.0-0.8.a1Matthew Harmsen 10.0.0-0.7.a1Endi S. Dewata 10.0.0-0.6.a1Ade Lee 10.0.0-0.5.a1Endi S. Dewata 10.0.0-0.4.a1Matthew Harmsen 10.0.0-0.3.a1Matthew Harmsen 10.0.0-0.2.a1Nathan Kinder 10.0.0-0.1.a1Ade Lee 9.0.16-3Endi S. Dewata 9.0.16-2Matthew Harmsen 9.0.16-1Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] [manpage] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- Updated jss dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1671245 - CC: unable to verify cert before import [rhel-7.6.z] (ascheel) - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL) [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout configuration [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA, - # Added Batch Update Information to Product Version (mharmsen)- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification if enableOCSP is true [rhel-7.6.z] (jmagne) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access log and audit log using REST [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1645429 - pkispawn fails due to name collision with /var/log/pki/ [rhel-7.6.z] (dmoluguw) - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output keyID needs to be captured in file [rhel-7.6.z] (cfu) - Bugzilla Bug #1656297 - Unable to install with admin-generated keys [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as TLS client [rhel-7.6.z] (cfu) - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be removed from the default ciphers list [rhel-7.6.z] (cfu) - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu) - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen) - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth [rhel-7.6.z] (cfu) - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails [rhel-7.6.z] (edewata) - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for a password [rhel-7.6.z] (edewata) - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra, pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne) - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when there is no space on the disk to write logs [rhel-7.6.z] (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,- Updated nuxwdog dependencies - ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #673182 - ECC keys not supported for signing audit logs (cfu) - Bugzilla Bug #1593805 - Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu) - Bugzilla Bug #1601071 - Certificate generation happens with partial attributes in CMCRequest file (cfu) - Bugzilla Bug #1601569 - CC: Enable all config audit events (cfu) - Bugzilla Bug #1608375 - CMC Revocations throws exception with same reqIssuer & certissuer (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0 with latest version (abokovoy) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1548203 - pki console configurations that involves ldap passwords leave the plain text password in signed audit logs (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1494591 - keyGen fails when only Identity- Re-spin alpha builds- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden by CSR encoding (cfu) - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certificate (ftweedal) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu) - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu) - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu) - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request authenticated through SharedToken (cfu) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- ########################################################################## - # RHEL 7.6: - ########################################################################## - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a certifcate (ftweedal) - Bugzilla Bug #1544843 - ExternalCA: Installation failed during csr generation with ecc (rrelyea, gkapoor) - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest upstream 10.5.x (RHEL) (mharmsen) - Bugzilla Bug #1580394 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC (cfu) - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (ftweedal, cfu) - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1588655 - Cert validation for installation with external CA cert (edewata) - ########################################################################## - # RHCS 9.4: - ########################################################################## - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to- Rebuild due to build system database problem- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. [rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata) - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM and FIPS (edewata) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1542210 - pki console configurations that involves ldap passwords leave the plain text password in debug logs (jmagne) - Bugzilla Bug #1543242 - Regression in lightweight CA key replication (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event set (RHEL) (edewata) - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and audit event logging at startup (jmagne) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1525306 - CC: missing CMC request and response record (cfu) - Bugzilla Bug #1532933 - Installing subsystems with external CMC certificates in HSM environment shows import error (edewata) - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm (edewata) - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers permitted in fips mode (mharmsen) - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED outcomes. (edewata) - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in SharedToken scenario's (cfu) - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown revRequest.issuer (cfu) - Bugzilla Bug #1541853 - ProfileService: config values with backslashes have backslashes removed (ftweedal) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the- Updated jss, nuxwdog, and openssl dependencies - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in few cases (ftweedal) - Bugzilla Bug #1428021 - CC: shared token storage and retrieval mechanism (cfu) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog (alee) - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during pkispawn (alee) - Bugzilla Bug #1520526 - p12 admin certificate is missing when certificate is signed Externally (edewata) - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance (alee) - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to missing nextupdate field (ftweedal) - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen) - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords in several different files after installation completes (alee) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage (jmagne) - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to setup with CMC signed certificates (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals- Patch applying check-ins since 10.5.1-1- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release (RHEL) - ########################################################################## - # RHCS 9.3: - ########################################################################## - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and- #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0- #Require "jss >= 4.4.0-8" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332 - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions) - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS) - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data: - ########################################################################## - # RHCS 9.2: - ########################################################################## - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271 - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin- Resolves: rhbz #1463350 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1463350 - Access banner validation (edewata)- # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert - # Bugzilla Bug #1463350 - Access banner validation (edewata) - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen) - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03 - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system- # Resolves: rhbz #1469432 - ########################################################################## - # RHEL 7.4: - ########################################################################## - # Bugzilla Bug #1469432 - CMC plugin default change - # Resolves CVE-2017-7537 - # Fixes BZ #1470948- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1458043 - Key recovery on token fails with invalid public key error on KRA (alee) - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client authentication cert against CMC signer (cfu) - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after deleting the any of the subsystem certs from it (ftweedal)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC revocation non-signing cert requests (cfu) - Bugzilla Bug #1458047 - change the way aes clients refer to aes keysets (alee) - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code (alee) - Bugzilla Bug #1460028 - In keywrap mode, key recovery on KRA with HSM causes KRA to crash (ftweedal)- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement - ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (edewata) - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure ACCESS_SESSION_ESTABLISH_FAILURE (edewata) - Bugzilla Bug #1454450 - SubCA installation failure with 2 step installation in fips enabled mode (edewata) - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import is asking for password when already provided (edewata) - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes) - Bugzilla Bug #1458043 - Key recovery using externalReg fails with java null pointer exception on KRA (alee) - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter (edewata) - Bugzilla Bug #1458429 - client-cert-import --ca-cert should import CA cert with trust bits "CT,C,C" (edewata) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret) using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne) - Bugzilla Bug #1445519 - CA Server installation with HSM fails (jmagne) - Bugzilla Bug #1452617 - Unable to create IPA Sub CA (ftweedal) - Bugzilla Bug #1454471 - Enabling all subsystems on startup (edewata) - Bugzilla Bug #1455617 - Key recovery on token fails because key record is not marked encrypted (alee)- Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error (mharmsen)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal non-signing cert requests (cfu) - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC with identity proof (cfu) - Bugzilla Bug #1447144 - CA brought down during separate KRA instance creation (mharmsen) - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata) - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne) - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen) - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in ConnectorServlet. (edewata) - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata) - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED audit event. (edewata)- ########################################################################## - # RHEL 7.4: - ########################################################################## - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when HSM is used. (alee) - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes) - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause error (cfu) - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from the KRA (ftweedal) - Bugzilla Bug #1448204 - pkispawn of clone install fails with InvalidBERException (ftweedal) - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on thales hsm (alee) - Updated "jss" build and runtime requirements (mharmsen) - ########################################################################## - # RHCS 9.2: - ########################################################################## - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in conjuction with FreeIPA (ftweedal) - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the startTime parameter is not working as expected. (jmagne) - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing certificate requests (cfu) - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal) - Bugzilla Bug #1445088 - profile modification cannot remove existing config parameters (ftweedal) - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption) (RHEL) (alee) - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when pki CLI terminates SSL connection (edewata) - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption) (RHCS) (alee)- ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1282504 - Installing pki-server in container reports scriptlet failed, exit status 1 (jpazdziora) - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS enabled system (edewata) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support for sc 7 g & d cards (RHEL) (jmagne) - Bugzilla Bug #1437591 - cli authentication using expired cert throws an exception (edewata) - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a request (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1274086 - [RFE] Add SCP03 support for sc 7 g & d cards (RHCS) (jmagne) - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata) - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature implementation (cfu)- Require "nss >= 3.28.3" as a build and runtime requirement - Require "jss >= 4.4.0-4" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find failure (edewata) - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - ############################################################################ - # RHCS 9.2: - ############################################################################ - ############################################################################ - # Common Criteria - ############################################################################ - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature implementation (cfu) - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption cert requests (cfu) - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures (edewata) - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance protection cert mechanism (cfu)- Require "jss >= 4.4.0-1" as a build and runtime requirement - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement - ############################################################################ - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4 - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and pki-console to 10.4.x - ############################################################################ - # RHEL 7.4: - ############################################################################ - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate when --usages verify (vakwetu) - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message (vakwetu) - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN (ftweedal) - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1325071 - add options to enable/disable cert or crl publishing. (vakwetu) - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata) - Bugzilla Bug #1372052 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1375347 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - Bugzilla Bug #1376226 - IPA replica-prepare failed with error "Profile caIPAserviceCert Not Found" (ftweedal) - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata) - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata) - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen) - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHEL 7) (edewata) - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA (vakwetu) - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata) - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL) (jmagne) - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate (vakwetu) - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website incorrect (vakwetu) - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne) - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata) - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata) - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6 environment. (edewata) - ############################################################################ - # RHCS 9.2: - ############################################################################ - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu) - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (RHCS 9) (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (RHCS) (jmagne) - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata) - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS) (jmagne) - ############################################################################- ## RHEL 7.3.z Batch Update 4 - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN (ftweedal)- ## RHCS 9.1.z Batch Update 3 - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - ## RHEL 7.3.z Batch Update 3 - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System 8.1 fail NIST validation test with parameter field. (cfu) - Bugzilla Bug #1417064 - Unable to search certificate requests using the latest request ID (edewata) - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website incorrect (alee) - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will not finish start, hangs (ftweedal) - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert (edewata) - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6 environment. (edewata)- Separate original patches into RHEL and RHCS portions - ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne) - Bugzilla Bug #1404900 - RHCS logging properties (edewata)- ## RHEL 7.3.z Batch Update 2 - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port with remote CA shows authentication failure (edewata) - Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any (edewata) - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-base] (edewata) - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS mode (edewata) - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config (jmagne) - Bugzilla Bug #1404176 - logging properties and man pages (edewata) - ## RHCS 9.1.z Batch Update 2 - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI [pki-tps] (edewata) - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status (cfu) - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and enroll G&D Cards (jmagne)- Marked the following RHCS 9.1.z bug: Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) as a duplicate of RHEL 7.3.z bug: Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) (added KRA key recovery via CLI in FIPS mode) - ## RHCS 9.1.z Batch Update 1 - Reverted patches associated with Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- ## RHEL 7.3.z Batch Update 1 - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does not show proper error message (alee) - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service ("ipa-cacert-manage renew" failed?) (edewata) - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal) - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata) - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar files (edewata) - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java (edewata) - ## RHCS 9.1.z Batch Update 1 - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu) - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed tokens (jmagne) - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued (jmagne) - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches - Bugzilla Bug #1381635 - Token format with external reg fails when op.format.externalRegAddToToken.revokeCert=true (cfu) - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when set on a token (jmagne) - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. (jmagne) - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is not reflected in the TPS Web UI (edewata)- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata) - Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate - Restores: rhbz #1319557 - pkispawn KRA instance is failing server - Removes from Errata: rhbz #1372041 - Unable to create system certificates in different tokens- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion (ftweedal) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata) - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry deleted (ftweedal) - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if USN plugin enabled (ftweedal) - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per instance name (for shared HSM) (cfu) - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu) - PKI TRAC Ticket #2449 - Unable to create system certificates in different tokens (edewata)- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne) - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor) - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)- PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen) - CMCEnroll - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" (edewata) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (cheimes, edewata, mharmsen) - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata) - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (edewata, mharmsen) - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed (edewata) - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)- Bugzilla Bug #1366465 - Errata TPS upgrade test fails- PKI TRAC Ticket #978 - TPS connector man page: add revocation routing info (cfu) - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page (jmagne) - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu) - PKI TRAC Ticket #2381 - Throws exception while providing invalid module. (edewata) - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable should accept only boolean value (edewata) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements (akasurde, alee, cheimes, edewata, jmagne, mharmsen) - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not rpm-require hostname (mharmsen) - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and pki-server (cheimes) - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata) - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne) - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not apply the specified trust bits (alee) - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen during installation (alee) - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are not used (ftweedal) - PKI TRAC Ticket #2421 - Incorrect SELinux contexts Installation/Configuration (edewata) - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full (edewata) - PKI TRAC Ticket #2428 - broken request links for CA's system certs in agent request viewing (cfu) - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial number in migration case (jmagne) - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. (mharmsen) - PKI TRAC Ticket #2433 - Lightweight CA GET /chain returns bogus PEM data (ftweedal)- PKI TRAC Ticket #691 - [MAN] pki-server man pages (mharmsen) - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with key-generate when --usages verify is passed (jmagne) - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS (cfu) - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key generation for non-encryption token keys (cfu) - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages (mharmsen) - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for shared vs non shared tomcat instance installation (mharmsen) - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws IOError (edewata, ftweedal) - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core update on upgraded system (ftweedal) - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing it to "internal" (mharmsen) - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared secret from remote TKS (jmagne) - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws attribute error (ftweedal) - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with --help option (edewata) - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust flags (edewata) - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while specifying invalid parameters. (edewata) - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password during silent installation (edewata) - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg (ftweedal) - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given (ftweedal) - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance fails (ftweedal) - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter beyond CA signing cert in case of external or existing CA (cfu) - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements (akasurde, edewata)- PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks pki-core (ftweedal)- Updated release number to 10.3.3-1- Updated version number to 10.3.3-0.1- Provided cleaner runtime dependency separation- Updated tomcatjss version dependencies- Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.- Updated tomcat version dependencies- Updated version number to 10.3.2-1- Updated version number to 10.3.2-0.1- Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)- Updated version number to 10.3.0-1- Build for F24 beta- PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.- Updated build for F24 alpha- PKI TRAC Ticket #1625 - Allow multiple ACLs of same name (union of rules) [ftweedal] - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap unconditionally [edewata] - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert request. [edewata] - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA certificates. [edewata] - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata] - PKI TRAC Ticket #1808 - Fixed illegal token state transition via TEMP_LOST. [edewata]- Build for F24 alpha- PKI Trac Ticket #1399 - Move java components out of pki-base- PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool- PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps should be removed- PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing- Updated version number to 10.3.0-0.1- Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools - Updated dep on tomcatjss [Fedora 23 and later]- Updated dep on policycoreutils-python-utils [Fedora 23 and later]- Updated version number to 10.2.7-0.1- Update release number for release build- Remove setup directory and remaining Perl dependencies- Remove ExcludeArch directive- Updated version number to 10.2.6-0.1- Update release number for release build- Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed- Updated version number to 10.2.5-0.1- Update release number for release build- Updated nuxwdog and tomcatjss requirements (alee)- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files- Update release number for release build- Reverted version number back to 10.2.3-0.1 - Added support for Tomcat 8.- Updated version number to 10.3.0-0.1- Updated version number to 10.2.3-0.1- Update release number for release build- Updated version number to 10.2.2-0.1 - Moved web application deployment locations. - Updated Resteasy and Jackson dependencies. - Added missing python-lxml build dependency.- Update release number for release build- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2 - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency. - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime dependencies- Change resteasy dependencies for F22+- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by default and upgrade (cfu) - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen) - up the release number to 0.2- Updated version number to 10.2.1-0.1. - Added CLIs to simplify generating user certificates - Added enhancements to KRA Python API - Added a man page for pki ca-profile commands. - Added python api docs- Disable pylint dependency for RHEL builds - Added jakarta-commons-httpclient requirements - Added tomcat version for RHEL build - Added resteasy-base-client for RHEL build- PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec- Update release number for release build- PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps- Merged jmagne@redhat.com's spec file changes from the stand-alone 'pki-tps-client' package needed to build/run the native 'tpsclient' command line utility into this 'pki-core' spec file under the 'tps' package. - Original tps libararies must be built to support this native utility. - Modifies tps package from 'noarch' into 'architecture-specific' package- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' packages . . .- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Respin to include the applet files with the rpm install. No change to spec file needed.- Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires -- drop dependency on java-atk-wrapper - Removed 'java-atk-wrapper' dependency from 'pki-server'- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .- Update rawhide build- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Use Requires: java-headless rebuild (#1067528)- Added option to build without server packages. - Replaced Jettison with Jackson. - Added python-nss build requirement - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python - TRAC Ticket #840 - pkispawn requires policycoreutils-python - Updated requirements for resteasy - Added template files for archive, retrieve and generate key requests to the client package.- Trac Ticket 788 - Clean up spec files - Update release number for release build - Updated requirements for resteasy- Change release number for beta build- Updated requirements for tomcat- Removed additional /var/run, /var/lock references.- Removed delivery of /var/lock and /var/run directories for fedora 20.- Moved Tomcat-based TPS into pki-core.- Listed new packages required during build, due to issues reported by pylint. - Packages added: python-requests, python-ldap, libselinux-python, policycoreutils-python- Added pylint scan to the build process.- Added man pages for upgrade tools.- Cleaned up the code to install man pages.- Reorganized deployment tools.- Bugzilla Bug 973224 - resteasy-base must be split into subpackages to simplify dependencies- Updated dependencies to Java 1.7.- TRAC Ticket 606 - add restart / start at boot info to pkispawn man page - TRAC Ticket 610 - Document limitation in using GUI install - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory- Change release number for 10.1 development- Fixed incorrect JNI_JAR_DIR.- TRAC Ticket 605 Junit internal function used in TestRunner, breaks F19 build- TRAC Ticket 604 Added fallback methods for pkispawn tests- Added default pki.conf in /usr/share/pki/etc - Create upgrade tracker on install and remove it on uninstall- Change release number for official release.- Added %pretrans script for f19 - Added java-atk-wrapper dependency- Added pki-server-upgrade script and pki.server module. - Call upgrade scripts in %post for pki-base and pki-server.- Added dependency on commons-io.- Add /var/log/pki and /var/lib/pki directories- Run pki-upgrade on post server installation.- Added dependency on python-lxml.- Added pki-upgrade script.- Updated version number to 10.0.2-0.1.- Renamed base/deploy to base/server. - Moved pki.conf into pki-base. - Removed redundant pki/server folder declaration.- Removed jython dependency- Added minimum python-requests version.- Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar- Added dependency on python-requests. - Reorganized Python module packaging.- Added dependency on python-ldap.- TRAC Ticket #517 - Clean up theme dependencies - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .- Removed runtime dependency on 'pki-server-theme' to resolve Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme- TRAC Ticket 214 - Missing error description for duplicate user - TRAC Ticket 213 - Add nonces for cert revocation - TRAC Ticket 367 - pkidestroy does not remove connector - TRAC Ticket #430 - License for 3rd party code - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP - Fix spec file to allow f17 to work with latest tomcatjss - TRAC Ticket 466 - Increase root CA validity to 20 years - TRAC Ticket 469 - Fix tomcatjss issue in spec files - TRAC Ticket 468 - pkispawn throws exception - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . . - TRAC Ticket 437 - Make admin cert p12 file location configurable - TRAC Ticket 393 - pkispawn fails when selinux is disabled - Punctuation and formatting changes in man pages - Revert to using default config file for pkidestroy - Hardcode setting of resteasy-lib for instance - TRAC Ticket 436 - Interpolation for pki_subsystem - TRAC Ticket 433 - Interpolation for paths - TRAC Ticket 435 - Identical instance id and instance name - TRAC Ticket 406 - Replace file dependencies with package dependencies- TRAC Ticket #430 - License for 3rd party code- TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . - TRAC Ticket #468 - pkispawn throws exception- Replaced file dependencies with package dependencies- Updated man pages- Update to official release for rc1- TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.- Added system-wide configuration /etc/pki/pki.conf. - Removed redundant lines in %files.- Moved default deployment configuration to /etc/pki.- Cleaned up spec file to provide only support rhel 7+, f17+ - Added resteasy-base dependency for rhel 7 - Update cmake version- Update release to b3- Removed dependency on CA, KRA, OCSP, TKS theme packages.- Renamed pki-common-theme to pki-server-theme.- TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server'- Update release to b2- TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .- Added Obsoletes for pki-selinux- Remove build of pki-selinux for f18, use system policy instead- Update required tomcatjss version - Added net-tools dependency- Update selinux-policy version to fix error from latest policy changes- Fix typo in selinux policy versions- Added build requires for correct version of selinux-policy-devel- Update release to b1- Merged pki-silent into pki-server.- Renamed "shared" folder to "server".- Added required selinux versions for new policy.- Added Provides to packages replacing obsolete packages.- Update release to a2- Modified CMake to use RPM version number- Added VERSION file- Merged pki-setup into pki-server- Added Conflicts for IPA 2.X - Added build requires for zip to work around mock problem- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .- Fixed pki-server to include everything in shared dir.- Added build dependency on redhat-rpm-config.- Merged Javadoc packages.- Added pki-tomcat.jar.- Moved webapp creation code into pkispawn.- Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.- Merged pki-native-tools and pki-java-tools into pki-tools. - Modified pki-server to depend on pki-tools.- Split pki-common into pki-base and pki-server. - Merged pki-util into pki-base. - Merged pki-deploy into pki-server.- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17 - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy' - Altered PKI Package Dependency Chain (top-to-bottom): pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common- Added pki-client.jar.- Merged pki-jndi-realm.jar into pki-cmscore.jar.- PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully via mock on Fedora 17 . . .- Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)- Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18- Added CLI for REST services- Integration of Tomcat 7 - Addition of centralized 'pki-tomcatd' systemd functionality to the PKI Deployment strategy - Removal of 'pki_flavor' attribute- BZ 813075 - selinux denial for file size access- Bug 745278 - [RFE] ECC encryption keys cannot be archived- Replaced candlepin-deps with resteasy- Added option to build without Javadoc- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes - Corrected patch selected for selinux f17 rules- Corrected 'junit' dependency check- Initial attempt at PKI deployment framework described in 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.- Added support for pki-jndi-realm in tomcat6 in pki-common and pki-kra. - Ticket #69.- For 'mock' purposes, removed platform-specific logic from around the 'patch' files so that ALL 'patch' files will be included in the SRPM.- Removed dependency on OSUtil.- 'pki-selinux' - Added platform-dependent patches for SELinux component - Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)- Added dependency on Apache Commons Codec.- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes in fundamental path structure in Fedora 17 - 'pki-setup' - Hard-code Perl dependencies to protect against bugs such as Bugzilla Bug #772699 - Adapt perl and python fileattrs to changed file 5.10 magics - 'pki-selinux' - Bugzilla Bug #795966 - pki-selinux policy is kind of a mess- Integrated 'pki-kra' into 'pki-core' - Integrated 'pki-ocsp' into 'pki-core' - Integrated 'pki-tks' into 'pki-core' - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements- Updated package version number- Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup- Added JUnit tests- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after the in-place upgrade( CS 8.0->8.1) (cfu) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #746367 - Typo in the profile name. (jmagne) - Bugzilla Bug #737122 - DRM: during archiving and recovering, wrapping unwrapping keys should be done in the token (cfu) - Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17 (rawhide) . . . (mharmsen) - Bugzilla Bug #749945 - Installation error reported during CA, DRM, OCSP, and TKS package installation . . . (mharmsen) - 'pki-silent'- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcd10.5.9-13.el7_6    pki-ca-10.5.9LICENSEpki-ca.jarcaconfCS.cfgCatalinalocalhostca.xmlacl.ldifacl.propertiesauth-method.propertiescaAuditSigningCert.profilecaCert.profilecaOCSPCert.profiledb.ldifeccAdminCert.profileeccServerCert.profileeccSubsystemCert.profileflatfile.txtindex.ldifindextasks.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestproxy.confregistry.cfgrsaAdminCert.profilersaServerCert.profilersaSubsystemCert.profileserver-minimal.xmlserverCert.profile.exampleWithSANserverCert.profile.exampleWithSANpatternshm.manifesttomcat-jk2.manifesttomcat-users.xmluriworkermap.propertiesvlv.ldifvlvtasks.ldifworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaAdminCert.cfgDomainController.cfgECAdminCert.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCECUserCert.cfgcaCMCECserverCert.cfgcaCMCECsubsystemCert.cfgcaCMCUserCert.cfgcaCMCauditSigningCert.cfgcaCMCcaCert.cfgcaCMCkraStorageCert.cfgcaCMCkraTransportCert.cfgcaCMCocspCert.cfgcaCMCserverCert.cfgcaCMCsubsystemCert.cfgcaCrossSignedCACert.cfgcaDirBasedDualCert.cfgcaDirPinUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaECAdminCert.cfgcaECAgentServerCert.cfgcaECDirPinUserCert.cfgcaECDirUserCert.cfgcaECDualCert.cfgcaECFullCMCSharedTokenCert.cfgcaECFullCMCUserCert.cfgcaECFullCMCUserSignedCert.cfgcaECInternalAuthServerCert.cfgcaECInternalAuthSubsystemCert.cfgcaECServerCert.cfgcaECSimpleCMCUserCert.cfgcaECSubsystemCert.cfgcaECUserCert.cfgcaEncECUserCert.cfgcaEncUserCert.cfgcaFullCMCSharedTokenCert.cfgcaFullCMCUserCert.cfgcaFullCMCUserSignedCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSigningECUserCert.cfgcaSigningUserCert.cfgcaSimpleCMCUserCert.cfgcaStorageCert.cfgcaSubsystemCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserAuthKeyRenewal.cfgcaTokenUserDelegateAuthKeyEnrollment.cfgcaTokenUserDelegateSigningKeyEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspca404.html500.htmlGenUnexpectedError.templateWEB-INFlibpki-ca.jarpki-certsrv.jarpki-cms.jarpki-cmsbundle.jarpki-cmscore.jarpki-cmsutil.jarpki-nsutil.jarvelocity.propertiesweb.xmladminGenUnexpectedError.templatecaEnrollSuccess.templateImportAdminCert.templateImportCert.templateadminEnroll.htmlsecuritydomainlogin.templatesendCookie.templatecms-funcs.jsconsolehelpfun.jsindex.jspagentGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaEnrollSuccess.templateImportCert.templateListRequests.htmlProfileApprove.templateProfileList.templateProfileProcess.templateProfileReview.templateProfileSelect.templateSrchCert.htmlSrchRequests.htmlSrchRevokeCert.htmlUpdateDir.htmlbulkissuance.templatecloneRedirect.templateconfirmRevocation.templatedisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCertFromRequest.templateerror.templateframeCRL.htmlframeDir.htmlframeDisplayCRL.htmlframeList.htmlframeListReq.htmlframeOCSP.htmlframeProfile.htmlframeRevoke.htmlframeSearch.htmlframeSrchRequests.htmlframeStats.htmlgetOCSPInfo.templategetStats.templateindex.jspmenuCRL.htmlmenuDir.htmlmenuDisplayCRL.htmlmenuList.htmlmenuListReq.htmlmenuOCSP.htmlmenuProfile.htmlmenuRevoke.htmlmenuSearch.htmlmenuSrchRequests.htmlmenuStats.htmlmonitor.htmlmonitor.templatenotImplemented.htmlprocessCertReq.templateprocessReq.templatequeryBySerial.htmlqueryCert.htmlqueryCert.templatequeryReq.templatereasonToRevoke.templaterevocationResult.templaterevokeBySerial.templaterevokeCert.htmlsrchCert.templatetoDisplayCRL.templatetoUpdateCRL.templatetop.htmlunrevocationResult.templateupdateCRL.htmlupdateCRL.templateupdateDir.templatecms-funcs.jsfuncs.jsheader.templatehelpfun.jsindex.jspindex.templateports.templateeeGenError.templateGenPending.templateGenRejected.templateGenSuccess.templateGenSvcPending.templateGenUnauthorized.templateGenUnexpectedError.templatecaAIMEnroll.htmlCMCEnrollment.htmlCMCRevReq.htmlCertBasedDualEnroll.htmlCertBasedEncryptionEnroll.htmlCertBasedSingleEnroll.htmlChallengeRevoke1.htmlDirPinUserEnroll.htmlDirUserEnroll.htmlDisplayCRL.htmlEnrollSuccess.templateGetCAChain.htmlImportAdminCert.templateImportCert.templateKeyRecovery.htmlManCAEnroll.htmlManObjSignEnroll.htmlManRAEnroll.htmlManServerEnroll.htmlManUserEnroll.htmlOCSPResponder.htmlObjSignPKCS10Enroll.htmlPortalEnrollment.htmlProfileList.templateProfileSelect.templateProfileSubmit.htmlProfileSubmit.templateRenewalSuccess.templateRevocationSuccess.templateUserRenewal.htmlUserRevocation.htmlbench2k.htmlblank.htmlcheckRequest.htmldisplayBySerial.templatedisplayBySerial2.templatedisplayCRL.templatedisplayCaCert.templatedisplayCertFromRequest.templateenrollMenu.htmlindex.jsppolicyEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileEnrollmentindex.jspprofileMenu.htmlretrievalMenu.htmlrevocationMenu.htmlprofileMenu.htmlqueryBySerial.htmlqueryCert.htmlqueryCert.templatereasonToRevoke.templaterecoveryMenu.htmlremoteAuthConfig.templaterenewalMenu.htmlrequestStatus.templateretrievalMenu.htmlrevocationMenu.htmlrevocationResult.templatesrchCert.htmlsrchCert.templatetabs.htmltoDisplayCRL.templateunrevocationResult.templatecms-funcs.jshelpfun.jsindex.jspindex.jspservices.template/usr/share/doc//usr/share/doc/pki-ca-10.5.9//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/conf/Catalina//usr/share/pki/ca/conf/Catalina/localhost//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//usr/share/pki/ca/webapps/ca/WEB-INF/lib//usr/share/pki/ca/webapps/ca/admin//usr/share/pki/ca/webapps/ca/admin/ca//usr/share/pki/ca/webapps/ca/agent//usr/share/pki/ca/webapps/ca/agent/ca//usr/share/pki/ca/webapps/ca/ee//usr/share/pki/ca/webapps/ca/ee/ca//usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment//usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu       directoryASCII textASCII text, with CRLF line terminators (Zip archive data, at least v2.0 to extract)ASCII text, with very long linesXML 1.0 document textexported SGML document, ASCII textC++ source, ASCII textHTML document, ASCII textXML 1.0 document, ASCII textHTML document, ASCII text, with very long lines?7zXZ !#,]"k%f9z(+ ͥ!H(sKzHm0|{}h`uh]<"V#Esऋt<@ h`6-U@s0?n]y.C^f@ErhXQ{siat!FUCH[AWKhβTVda݆jw6=bR6F>k15+U57­A_w.sȾ@ƂPWv |@XȂ08 #T$'!vzY7j( bZ&QTArɌ^Ƅ9>X**bǬ'p8>cN7e( A<-XiMچLqG_{*kuS $#tNy=(b}ۥ+m@e5ΰ:KZmIGpnԈQG3өv=-;-(7tڬ,*o+0)' ˻ ,A:I %$4]o"I&İtc!8Ǫ قb5iE4$ę˴f! NY[Lװ̝GY=(M,b]f&CݿgꀡջǙ @:NBhŻoR( X*ė,Ҟ<")$^R JU8Zfȴ8{k;ߑK^{Cd՗/uYE>"n-^n|D# D= IVf 0?٣g3uL?Aɫfo\ n;XsRRatmff0w+NǺ$<0>0)*(l-kMhw3~* '"PkڥYf[ը*"=gZa֠U2Q9o#Au.˕$[!9}y架+߂bf۪Шkݠ>zaQ0.l]`Y ,GPv0<'GvK{Ⱳ ؿܜ6%սBƤ°{[(G\O#e6Z+ǃ\NL} .ys <+kDPD8a> VY.JJ, Xj$>e&C`_t@oIק~,0hHb~t6Ѥ-Dg=̳|b&䅪ٚp+ڌwyXt\*a(goOVH^\%YϙY\ZF{#+s▱&"ZаH` 5TlU gus;VtfmEcw"4曄qK@HyvAdڊp!ߐqxdB ·Z‚oS}ewFXVg87(o:mﲸ¡okD>iAz$c818xPUE{_69tM:TUoܰZ,X{w@/az/2`∂N7SI9bU-az+ro͋r7- @fe9Xydt4.?D*=?E)eg@$%ϐj_DAŘXt UHku}w?1MѼZ4PebtΆI"fƣ2nfÁyaӷII/A&Yfh#gkn }hl ZuxȨgnFQHۆ%SeĻοgUk(z%K|:Y Sv=H׆s[ϧyPGUvt]^(I`fzV=3~x؅gd26+-?ȣ̡ *1Ut!z&t|mr=UԽ[ Q"`٫O^#Ytl!Ѝ/dBSlćx~tO!x(Ol~?c I*{+h[k Kul0 w^[0ҝvZHp9}URftyS]uӴZ͒aQ1l6!Ĩ`@99<>4H)zDHb <{usU̵v/FdKg+yNλ9uLC-}8^ kKfл +noSk,U,#a%O m%vh@AOyѦ7u֓/a|ȊYA5X@v)Yj/f(C5$ KrEs3ɫRJx7Fa<#:d#9MMӲ[oЉ3upj_mǬӗ*qa O Ľa< hFw22vFBRIL"8}V 㡮3I!wJ'&S @wʄ* 58f}aoh]W,T$$˭(u}\ȇ\ ߮9a&ąm3|Ūֳ-Jm#V-(lԟ8Q誢QF=PswɩGpM>U M`}Ms{/:cڇ۰@%"{>w?oN}0kvoI.b=;L5Z{+H xjpwnHTt tWfY}Ua<gPVF 74\0y^SceP5Ifaf@F@94L;ٓlfEB6(gQ2Ty9@ ++J|*%# l!EڻF zQd7s E|pkuw*~d=d;J#v.P"[6‰$yO<~LMf" JE¿MfPa 6+1Y+KZ ϋ-]="~2x::ڬ.`6Fb 4=y&GU*λޜnLxwVi !Wvl<%8@] )M{UQhמ4SUp;Q<ٓ8jeX-dE?5"b WKVX'_d^isc`R)E]rWB͇0} ́fV^M_vuY%k@6$!6b q߼#A@jAm )G}c7残 ݈nNA*"8X}Vvutؘ֯:NbzLA@9@Dol01^}dbdu윅Cؒ5 79Z3)StȿGhbGO%Fq}nR jU**iX;SLZz8oc(&ǴU~FϘlN=ZǞrf|W"~:ywAO ?̽)-p  #%I5gWc]S4?B H=)UcSq-=tR O0I^-'62X/^fAhiY-T>C2:_+!|:,,~RLV\ž:9:[q]!:!qF_!_~gߴ`Oч>VrZGMr(!p? g\TO&eyv"/ 92j-  `Xam h\SJ#(0`5zL2p 9(|}+6zy  n=uɐׇ>!kfP jl.&WJsE2!2貲tp<^=QSCa4?4M}_ Q5'`v$k}V!(&hmpƤ2+Ξh. %鏾 V~ZM(bc[ -$ I6%=]J}DyC@l1W?`U"{1'OleE#idPZq]o~_A*0~\kRy|i(BDͮfdK ^W[o[ B1}TXku}}k\Io)y/o,\G1b^';Ol_qpbU#O6CdZxڧeLÆA{`Ӯ6wi #h QN]۟6yz& 4DSKjдt5 "_ ZegJ)y}V_n+.,x-&IqvB7]ڲНѳ5͘pHE=13~AÈ_ /{ xbwDn!5ihG= J&(J1 n*j~{ ׵mEDmkT>MSr"`]'6;}[?u%: zP'tQ5Ocp]=pB(Ys'..F6_G EYje`}}չF3u(ZC{1\]35nB d;&?6Rr/g쓾1%WMj6GLS Js/".I0ݝ wMmE_>Wk0x,Ԅm!5d!T*,k~vj+Ld,RY Z0" z>ͩ2vEl Ѓ_N@}6˕/ul1 E7O?!kTsRh*[`0|x17ah|l䏊Zf%D_p2R=jcjǖS_#XAg_vɽS\hi׾@bP;D0Kqj#RߴkSj0wXarzq2}{5.*˻@epfG@g$ ;h;u`/DE}mub*b!zbYT'O1Ljbt,\^G,aP,Y14*eZ0-ÊythtdJNj ]#,ߪq.}){JeHm5j]fx~ۊsX@KJomfv}~h埤bsx3` ``w afú$7ER f]0ѪV@I]!6%LbgSTqc {$q"I/_SE5f_5UÚ?J~KtOm"/=wӛl/mh $EkQo6f\) %?Aó2*!+J5Gtc]Vm籚&`Z@)ⳣ<Xyh=ˍ&V4m8(@FuN%W8c}G^$7LusG s& H =#,)L`]ߣ'OP tNg^qcΓ?dXħ_Fo<vB~%O!aq">B-Ԥ0!sYqL~| D{RTf&6wE@O#Vgᩓ 6_i:ḶhŽ$>@?!At^h3'M|XƂQ')Pw4ɋhEsX؁ag\n!]ʻc>PS>KF| Li;K˜|%AddOnM/iH2Ar!&Oh]O~꣇%8MU@<5{6°5xߒKtMXƖ {EXRݓ'4e"o] ? Wl?T1vLu3ѤV-(~Q#;G]ʥ1iD뭙c8*H;ESūe{3K.6 ÆIp 2`<ߟiDMD?Ck'l&7KFؚ,ҠiGy$z$\ʼ[qV-C} O,%ՙaSƾ4]NjY4?:mCC}.?eW3>VV(&b~/}I?g ʝ\ |"}6pٖ[2}F۟LwbK$0 k3l-b-^2C~թ&lS9[~ap SY^fY2/Gs'n314 9AYMK ͇Eog-bvXhEQd *QO1 A1͐~ $`ǂ^+n:C`3H&{*w;E.Vr@OO*0Un^JP` I?]cŇ"bcg!Ϛ&Yt РN%DLc{'LPxwdPbU5VGJ a 2^r)|՛M9A^U"=N:vLtWH LFmךFեɬL(JļNeWwK@.f H !aa_':,boOgO()ǐwPL̯YIWpB/ ߲{ɩ>.3 CiM_) %dí7Ddvgu9֕6`E8Y1L󼝳&]#uMr*ukNޡQ'1aC_j+,`n:Ƹ6,ePO"K} S0-s]qYG  _䩽BStgI P?+A o'Km "9Y_3Igu󛨌0kWFlIЙoƚ2f>όq Os<1+\qmmQuZ9Ґ<4B^{^4L%G(B |$r94a+_(_VδujdqLn yF/>3~rUIOpdF/'G\H%ZCѓIW}':ӣq@faѰw%[[ 2M:b_&4 2?^VAu9 ++zXԿx(u99=A'1d(ZY jsD?E] %WŊ IMLkw ƎQ5ۯivX2I% ᑞ' _J=|U839MB kBYIs q\N7"bcr#&J[On, MRGkvNX-S?I.(fyrq|sF9틹,*(@9 ?=g:D[p@?3սxL/b >o̒JlPA߂t|:B.>]$|U|%ֲ \(WLDnxs"ۺKzEszw^~ṃiV= YEZ3BgCe=zxn(3Cgd2Ca{߶ܴl%*=mybLmDy/ڬP/ UxʏN#]gQz%o7@Qy^^;WXЕB4% Alc`"RGE^(+a4K%/Ԁwa.3d$LQF\*`t9gAuO1'3 uG CF*7G ]KK# >9dh3e*5l_z^3WW)O蘁o<컓5wt0+L :1eo' "8@|H/]ZmCƠ:{cLfy5$G|h8`<'C+;+#(HXN7 R.q~U6H*1Xw7MCf싄g˓BqO{y@#u˻A:".Ѱ*~J6Fd`8E:"Vi(k kI)7m͚A&c%ﭐG%zWW5V4<smDϸP` 6EZIVnZQ> "׹d7I6O߅v߀=Gn AXIiӾ`]s(o'ka`>87̱-V8orNz]JϻXa>`7c Ad@fP +JCV7pO=Ws&SVA">6n΀ j˔ufwUW/@P(?Ƥ^I[7DG $Vl݃ij݉oz)."SI0l nH$ᲅj*`ݤu7y *9kmxyó\JmGD-P=Vt. 'Ml< 0Z'ZJ 7c= }+L>+2?й+yaS͕z::\26*[ mM ,޷A 2_d=WꨁR͋f:IVT,](0472aRR\mt%@{/V:ERaXFU(2p3`BJ~o!bH+Qpgj8EslԒėv||fE**VV.}a!|ɿ?k-ߢNQEޕ.=BpuHeF1=)6L-NSOuZK)90lV}| ٪Qpr(\K :ebr>M Csq~奒/N5=(ZBT,0EוΤr>I1 WBC 6ts 0>:}0DfV>À-mPdbZy9'JIrJ`hxK&U8 m;i&Nu¹CS(w'>eQ,@frjNFgL7ĝk0DVBv~d*ܡ;`8>84VUN/dQ6!z&g#'u_i$zls`)|5=MxYYcTdžޔΓk!uEԑ /AM AYJ?@u Qs-ymiĈ l@lBZN@ئBoh5·s!C/?Fʋzm4dgӸ/-ֺT$yHM:c:^3"v{Z1 gAj1 wc'<қAW<36g;(\E- R5̷7m['N6c2/mśz%+\|K~% 7aVyPg='p"^v#d9wP]90)~pE#[kX`FY}c\:w 51|j ߅R.rg1EBIg\Nlؑ!=n,/ %Qt@&_;i!f'Ɨ\6T1՘|9yg[mGSL|>,E}6.ʯ稡SHr$#O*<+'2 0lNnT;z<ẃSTEJzޱ'ӋeDԐZK'7[Z>`ϒ=eev̉6w2&+a}TΦN=u@hx+mB 5o8DlהŬ{ZCZPs tI<ṛ`+&Ϡ52kImB3gDmhyw"p$žAU%Ζ3Xҕ{fIo0.O-V4,XTȿw,ײekb9 49IçJ gXpV6gvTxԨ]DUR.P~ UH{VqMY,>5ED4Mk)cJ&MD,W4\T/Jx~tʸ<`t+s" W)ɵ`YWܹnTVuΤycb-diw<)4Y)zs8ƹ5 LFkAw͖mN[f#QfsN@k`zJ-eBYW(̆|(5wv^(U=&P@g4'5ZL 7VtY*,e)|S`2bϸ ߢԂeANDkɞo$NΏq5,m% scEf0;Ake=L,,:N^gHMH҇kCiw.m 5lYqR -P$T&˭6? DXEKw?zwC48wmH—]%h!Ծ/| |v  {) -Ɯ:w&#;!N{ۓX꽺5)C|4 Qb^ط`4 wu A 0yk5r+<`TS,N eqh[-шBQ x~ov-L<o'@k; [o3܄7;<Pysqv,5NA n5OL٦. %kM/z kGx?YF|r!R4A6͑>cy &5jٿg0VZ8Ow-f|8=t]\w@ƳD/X,;g ?R@vGNU:buCN]+zj<f}nX4~W_, mi|n'|#E(bLjS:?tp`[o t ކ|pI[ [ Bv U]P!Yd- )+ rT[N'Ytzh!GuHOht>:+ W<萘6V9J"X_=1qsʞG!FΎJ=޸Spc#I=Z0v͉^{ճQkFx3p\b^z0 thR |F̒}NPN"GOcLǦ@C穼 -E(R-5AB_ud(@tY[Svx y詼y _A+ jQ韎KcۉEAˑYo;Ԓ&ۍ g /u\g !󫐱^19pn!AZ]P2 24NV㚵_LQ% jstC]AeĐv4}(lX+C!ė'XK4,@<儢 H}ET4< >-'ΔJ_ WExt[4L %X7Ei(5ZN@UE*+1&A@B ** ,V9ȾA~K9҉=[iw1lQ? o}G,zpX@~H$VP8e>~D/e5T?cTriCR2Hu8B,r\/Vl< j |&,*GD£Oˊ'y5 B9Nߩ߮!mUs'4oIvI } -sY ha&12 c1VᠹIWv\Wiv^\A,0swFF G {Ќ4ͤ38W6ć'V1ULX1\wieа^x{m IN摲K8;qiek)[$sQ2RDT*ڽV22'*NUR֞Cg<Ղ|qw&pQά=Vbva*UfW ':cw4$ޡ9+ir`oeAhTHk ?D8^릐 O(p7\5+WA\y/[( Ba<] SE]I?,Su]poR_ǧIHD^Z*0Xi-p%SHmug<+x%%Rmz`W$o!&ܨEؒ+͈s{Q0 #a7G x+Fr DSq051Ze$Ogp?dh ?iyg,'THapc.P b>cBrɐ+U-Z%˼gHg%"ɷZt&@Q&lH-B/]~@yU I) lj$9q/somwe0^r"j KxlLa* c7%ьÔh>pcGbdH2GP&~*i';J539{u JSt__bA#bSWU?e!rGú}#/)O]bˌJlw{,iJ'k)MDMylRa`3̯.y@eDɺej9 :O~mv"s\CTwo7_/~;S.3nL}:-[=OJiuGoW5*Y 02 {F)]3ԋ u n:]آA6^"[>w0E"D':lzw>s%z0BOŎ.MM|lo# =b́60mW5UB:`@dgwzX\`m%?!ڐ Ӄ-k1lG fw=#QmH0ūϾYJ#5]д|HXbdXk^[+%xA͸,WjVn؄{#?$Qn51M/JFڻBrp22k:CF#0';XX#0Z!pk)奻~*bA7zIϛjwa%{Uv [v_u`+c+CHV\aB}Sf% y3be&{ϊl=]x?Uis~{ɴQ1B2#ĕyAÊʰ Y ƅ2KQQVpC|)6$l]/+ !7+Ӝgu&0ɒ}D4gD?H?c9 ڤ`H <,"v`+RA<8W۝NjXו=QO)n.e +bJÆMVl8D vPȇ3'fx:|0.!\ (?}AR tqټ( 71[U eJ0}+Gx4 hz-"[9&"`{*+ok&;D =ɄO_B/Wn [ pif:O|=N㖧V38vtR-z)5a|Ll4ŹY4ʡQVx>=L *;X^k?Y.NNE7k'zj wq8D Pk.)(~NZ}deVv}6r=j1~`YbnY!'S-T&2BÀvZphs=Et+3Й.xm1ʕ}ͥN&xGs } Je"}0GFݦV-`6c-5@;UVeJ7?JB>JUT$981:CGc|kXj8KSq'DU[QpEtJhNxBw/,D3(J`/ 1f}6PSӚ<"*oze phZ'˟ら*7QVu H-;$xqfcMJA@dbU"N73\!zT}YuBш>Ss`RµO @ɐ\6Ϡ%I֤ap"F r-*5|_%uB$AXMQٲP 6u֧12 Y5hKu$Цh""K%ʠ~Ÿmĭ,OD$xwcxi> ވYr /yYP1._Ljwk"ЯݑW5M0 me=.^&5 ǫvm![M9S_˓;& zݷV#VRn1!xH>ut+E &* Tլ ݏ}{jl:[4yVP dǻf).XyqίXj iɪv4LoO;|+P<|k@S-" e'1 PI$7ᔨXh[+вΧVӛISn+wg, Q (;-mR ^*Ap("SLg+ۍXED'+1x Ggiu4ڙ/pUEdCO{i<7@cohA ޗ07дBZVhB>yfՍm&*D?rsC`ADGmiXS[&*`èR[WjojV &aw/t'C>('~ CΣ1FEAExrN}֌zjpDd-%+/X-ua5©! l|hd7"{8lXY.u EK~k^vWF V\qu!' KɟoY)fJrSRs3??Sgv}+\+@%u\ScYu0IN%kNmB BS-K ˭wn6wY4՟VkyUKNҍMj| O0̓wJy.Tm0kB\ kp ,SEPZeteiyΘˡ~.Wa¨3`ĪÆ( }G!5+ ,Pth&I1Vi+q([{ɦiE,TgZm*z%\MJ\pIJvnUVewC]g1]'-vͧnoשY>}@rw%D!ޚ.Rṋ4^4/LzG8RG6X(FNz+ݹuX1NЊٛP(|&+:F^޽Tj&սL#ۀB-v ~b/z|5U|`ȟO $ahԧ{hN[KNSFta5I%IN_BlLm\\ҠTM?,raj۾ X00o'߰p5r3kzC"y^[X[6]j`&\ުKʿVQȞP1"{/.ҕG׷cKF#A%3>?9j')n Ek5Բd|6ʞR0: P8 RfeTٻ jkh'sOgTGm 2!#{BG?% {\Rg^H+z`НJZa*@ޔՁ_\[g¬,..J-3qJBX"wo"U^ epvU |o)S1ۢ[?+ y7'Mܞ9Ee3A}e~W;2,rh* (0rWȯZN\T7(*e1fLi@uŘ =wr=h3c)k XlؙW5qKhYAᇠO}Q 0UF8OxAGW 3i*6({U[{WOMGC/'+ۨ=zDr %xYbi>r0z菽jۙv%6cYnIΑtMs)N?LL*i<_aCxkeHZq^ :A]=8ݙr`V\> E4q 77dp}F?pbIzI韸!JCyN+м.⪉[Q[3 GM>.8 y%ȄU=OPydh4T{g;3r_(SSѽo[PԺ~GHn<kRrfz!{ənju1k%/ \̲F6~YjXMMC ҒuW~]mh[ȵțUV$/rfl<6@?%7?fEVe^{<s[m@La~.]Mņ&_w$ox^jrmtG+ b5-N(_D8C< WCn+YcV yUR 9]p.ďt]p3}S;ڐr'R;Ӂ|+(H {+CX'j_/ju/캙hlҚ"dnZM)Ђ(s=[S=\ mAćcv'K/8F Y#^_&6 a&Ò^qf S+S䨂Wp9U4lEdwJKVZi6D_֫ϕ4/ W|",LnЂ1Nu@Vi)Ȧt'4Zʵ|9JRH{L{\wZJ1aq| FɰѠJ+v#|K]BT<*S9B2\{S^>i4zO2Z`;ѡޮij^1@p/CUڜ'&z12"I]89}Kت\RU}5Pc0'-C)sMZN7NzfG&ǒQ}gU*]zKCwq3aY.7DX +JW||6h !{fRaO0PU L^8a bqva9J_&xBFѣSM*|*EZ,)>2 ( ºpQws}l3N_̏-9;ZRnOI8)"nxSJ%ǔYӝm- =F)1f#如gSes4djt@HH$[E@#`۪,!D!*u{n=/䕵`X$x{9I9GjͰY/Elp "{"dܟRd`J*&@YlJ6QOYܠloW10j.j|vo#8G/-8Wx*/j"CY' t0ep{;Ԛ3}R̜nAĐ[a49Y sCT75 C$!pPzv;y@.~a~AQȜ:kɱ8u8ѹcT-ɤʢ%inw!eP}@̀rAHMYT.[L WoSH\cW s珿L-W"X]tڜ@}4{y tO!."W3.3h)\Def] P/DIU +WDdrZl:d_ 'CIAa \ITS1RKfІŁQw [`S:IoHK49YsKTObVaշk$(= *':V1F?hRT]KiG4C[!J,T˧G V[F%zp8Al\BG^6SJL]B05N$ G ,7̈ȵo~KZ^d>\R'vOE`@ي?:;odԅPJuu]P~Kb7)LYi2mԀUlM7mXTMjo Ɂe;xq n*ͽC^<˨[6+@*|l-qI;9V菼 UfAL *+9EGf_tf>Bk@`AH-1fGf>}j2o@CQ 2w!#V ЧmW&.f7Hh#L1sp i0%b1 $5$5wR`Ώ΃ӹ]ɒN@5uʑzЏ:zК].Dp "CQ1,4Z3*?$ t1ӴVe`)Z#Zjv'95y[/2,pUi9 e|x`2Xb6o;Q"I@UjAK*;U ~|x£ףfgxiDdy~9 qT|0뤆&^wV"v3 2ŸPWO FO`r鮓vR9Nv;T<IB$\lil#3LtʠL* pˌ߭_0e@~&5N{78J>j.(XN3e,0E\P:S}1O|9 8 -RǪ +4X;%k+6޳"lW9FS^H0T\l2:~Z[4oqs]q#(<=l. Ӷ :Ys t fIkHm̀_s9 %h|2x%e.ivJ E6wEr2ȥ'Gpky$WfBތ^r7[zc{32+Xװ#jDlUc7\Ѫ6ocYmA,LL5ҧ5.k]ucsXBm/x:]̔#毴ZƅM,~n*~wPW7Ji`o%N;bGU|ڱ/ ыtշE&##+&;J 1^@_uhnQ!hvKD\}_T; Db$PDYFL u$ Uow-iGQppfS$]/p_𢶷bD/60E-e A9VP(B<c_-lU2Wm|Bc~A.m У0diUn.pk}+p RAfNWwr ¹Up^cOJ5,(/DQm< dplqFfupN0@D7\쟮(ɐT48Q쮑Yv Fs ޓZecz m{1ˮV*" 0ӫ2tXcUTqcBɖ~VFtP$q;[s5:[kRlWuz^N y:3N`KJ d`w @Q^C?$(`AyeͦBJt}uⵣp F#НT{E  !9Pf*G- $ܠPf}w@)XC߱s#;ڈzS6^B, m+BP STQ!&e4t#J=%|`<gl hGS^QaUF7bD(uM+a\5/?z6FdǷVLc?QB_-e=l3qa9ăgUs`B)~؏+*n! ]Vm>"=A>6 ESR8#`Al,,.ms~S6y]>[M`ľU)<2-q7G]ަg^#bZ{u@HT&F]xV`jWnڬ{Xuw=+-'' }'5?`3[TaY]  Q7ˋV+:P -KCB+heKQ`?: o?>z(H:-"PbLi@ӧẐ'ޖ+q.,G9rb y huV1"/(palz|03DF,:ͨ?HrmkA Nf yT''qHMYIg13;|ɅȜx@k].TcO}=T(B"K9DWr] /s2}83p!9&VgAL亊1D l)mD!xE@F$ )_.X+ \}m^Ӣw|-"U9 (B| h@ҶZcdy48go^daX|\=m*~XtuLTav,G>v17[rf`MXՒn1/ȣ/uW)4VBE~udbO "%]ʗnXsEqѭҡvk}+N'T?旾 DLfh?EC47*G A1q>SQ^yݧ6@h3y[%vUA^&uym;:C5`ڂ~_D8y´<_蟉c_\>iuZ'F1-6 xClEq0/%m C/gR?8 ((:3p!nLDX 5f!AP# SX?:oc5epOS1p{G!oQyLH!|0LRyT%}cs4Kىgi_yUĘ'g6k,>VonMvX= w XY(x0yD*z$͵ݹF Q+c똬9p)?\0A1Kes8cLP7|RL*j{Ν[Ah"֝O7 P4[fP7AͤZgBp=xIs,a,a%UL2V FKzbvknS܍ +Ca$8bEAIt@p65³N {]>ZR=hW듘mu!==\$jz.akF =[0e׉dPIƒ1u˳.@EjCCž,ӈ^%ΐG~CJP+&ϔ~~ؕ(WrEni6(y;qV(&q7I@&reZq8#^$Kl6/x߀QK]:7`#boht&^mѼ'kG]ܤW37,L2bȴ@*F|( \@46e(O5,<dSyZE3K`yoJ9S$ʻ7ᵊO3s웽iʅ$8 d"ѡF/ߏ^ODVIFm&@t|!#@46i, UW>@ۈݶ!)Cfo;]޶kN7lJ!nc 6I>[ 58ғ!q1gTq7F3)pH|TۤV{[Rd~*p]enX88jq V ~@J^n 4¿QJiLQ"?hAZVI%qf2wQ*R[3}x; lKMCqŅ! sxՏ>,w'58e|&3hx֊ @2 }P%@-+enNʧj4mDɅld& NtW֯f;iH]׊_@Ϭ+cĸ 2`}5%(u!O%z.[}4/[&tC:Z̰Ώ/ЙE#d#b}Ey}Pu ϋ>FH㼣&=VؒՠzZ*nAk]C!DLG 8X1?G{C&jA3'e'F}KG\`Bm$rhA!" m0Usn2+NZ F|&kb:; _.:zwm#\:H{I¹l-2n[Y -?3"aRӒW\Zu%q:A.Am2E#`xc=pdmwf'z М=I`Hz"x>W_ad C#/쭘ޤtt,~i0sF3WH57־EqXpR8Sf tMW3^$HNq8!lR.Bd^^̦J(!G 2\td(aŽ )g cӛ-}]VF`f *<ח+m\*.hkU܏) ?x>e=V" Zml$tZ8]SMUu)q5u F[dŽ+I?8`')IΔ}:Q$@L6WCX: XxnlAK >́잶d޾SJ|j}VquTK0 VB铵pN>W(L!b_X%s턑*vDzat~TzgS!`rd)Ot I\*aìfAI#l% c<8X=l'wx|u*82]ek7ٻg6CqrEU 芔Eo]W1_RKV=1ۊJ=AO,J$:_}%@D1SkFR !s3S;E tIБ[ǂCjcT(!Ll "6˟\v[8'egP>6<{ .U7)jvVwmۿD:1Vmq8o.d?{Bo!g8f>9"1y߱3FE߀ M:̼B\l KՒ\ĺ.>0P_AcA@f #Uf4|f'm:_3(+BMK냳f6ѹI7+7;Ftk|漢 a I0{8䵜=jWq-_<{V 5 ѝ Dy3 5yp땔&~4XEL=>MlV@Qަ6jހ@slc6#: ua{Rf7SZ=ˊ"-36\#/`̃/c f~4XW046=htMy[\$/ufi=M/H\D(80&HC +ţk臋 Mwohoم RK7ҚdN! էYrQhVc5C>J6mE&3ѹƥЭ2L1]IYo V/GW *0pJfAzCrsrLм:YAc LXC;(༣ox{\WYcCRpDTDmykE ZTwV]1-$Ƴ"LR>UeBGPvɏ\XC,\Z~ӂO:n.yq(n@fzr_ũoIZY7G)MuㅁcU-ČS-t4Bf5Z19UU,%~ (9H4lUuœqBܝ`Kt<į;yW7~mET5+ex 4yx.ȂϮY -c|~+w2x&qY/nDZQ_s^?\wN`DaeV\ ](F!ۈ{Ag=.>F4IvBe<;Z' _bXSSA?B,I 7'F =&f`z  ST:]InQ`^ " -%C(`0ʐ&уF=Djn~àbT\h\Ŗ+ò 0 2-Ձt7%*_ܰbs2Hg +4$xӠn!z$La;Ps.z}:@@aE"2}`6;mc9}}wα/r`kg$BM/^SI::֤icۼ\q7C)#c'97?lu@ y:slL$Ģ~R@ WE^ï'aJp^mc $@D{F)I^%OkIy՗2?%k7Nc}+9TWԭ{孼5"L nsX~L'"ua} ^x?lq@oA\]KϱfvsVb|7|BIp'=̣O2}o@κ% L-Q4FKM82Jbiިߜ|b,v` - sc5ɷ{ U'}Yu6eVinI+ Ive,wlCBczF:+}|1]˧=DR &`H/d=gCSdj+'kJ/43=)qanWQ&>xB^*&+/iHtQZf/Q7Cɇ7E{t BMv8]~/#@$GiZMu8"XpfUʐB>?h~ Ib]c:ѡMS }J /~ȟr~`n00I]b ._kݞGLi4I.hIBd&tŏk7Rʃ״1]g؀: 4P h2\*Gh#|"O?~jL q0d^^D%DuD?Ns7=e_9\yT{>KDf lz)r(3Gq1io09#7 u5*2Kٙ|{n/KBӐ@Di"C2ka5mw1H7a躍LM̊6b6=A!\1*2zDFv0\nNgQ $'CR[`ĜTrhtO 8m-ZT֌F߃zK59D͝KٞvXqPsϭҪx3; 0,-qJ!-;T۲+$ɘk/ S>\t5qIu*>u~*4I#F:JA/Rz)+R3b嚚s|CGDhq- APw}T?dň~8VXtr &RIgB2PXg KC8i|D=_9#)vhj(eOScG{x]2GxW!ҋy_$d7Y/qM!~Fטp0h,v9/acHݗGo?Ut c QneƊz3Z=撵8 θWm5[Mr8R3[&sƴVb͎ѝx(y4ihu*~[IHz9îkk1tE;x{9oj$lX }JA@mD5u\Hrc#O8h(;`< M:f|R³@*x1\NUH2#8A1SFdlHg:S<0. B" btB\y95Gю؞*V1b}`cpHbZ8IO ӉXL#HeOW<1(a2PyoqmˤF+ilʕɈzӚ>B?Qt9oi֊j9L?<*Ax̳@ ` ٕܳwu8<, uPes%I:vlj59L|wim0=Z 'kz$.@YɹD ^2zYdpTPƓk0'{r' ?Bd>lS:S7קo, e3ҺY]\tZNlEAK U榋;TcDB.7x\~2y]lA%BQHҪ&-)P.wJ*e}͂Ըp1,6jEoFYF}cIEљvQL*7,o˟9eD oL0 kɇT5VDb@ _8؎.Y&HZwnSjR\+I/ŧ7)@S:-MM8#b7&vn^c&l+yzK3ƅes 0e?)3,]=v Ka'F!tjp?%6 8.Ծ̂ACX#fj7sGiz*[HUӰM5*};oZes_Ԛ FMG-fWxw@mWpbɧ`,ӍBGBZy?;űxsP9WǹEb n Xe%l[p,V#Գ+_\R7 /DwTTtwu_]};}Y,8N'bx^ {kꯣyca(HlGtߔm4pqz@!mMٻwX;}E󘵵ƺ>$;"pFv>¸6+.}~/IfD9s܍U̡`>Q:cjw؂.⧑7eW?G+hF1Z>Ӎ!kC-h:Wܗ'uG,L:r>8n\%/J?|eLڽ~2[ŕ8,.>,r)8Ik7ͭ|)e/EȤ y2GWl@!QcLVV|'C$?3{k9EG|P,ݜ,7%ٯ5Cȷ.'θ= wG(Uf+*?G.*(@_Q:>&qGw6-IG9/Mݏci雑6:I0y
(ڣSKٹ]@(᪷[&NP@LԦ[nBWrҴfC-z_d͗R;CCq=0.z#&KxvnrTG7ڞ!=0,,t۹˨CSW} .2,i?A(=r;[c+zb5v~Z$[wYM2G_iq'ټI#AUGZ +4B|Br|R._m y?rY y1b2°ԠunJrs^DJ/ [/8̢|=:3'[O`U@ΩV~F`pUYu>J3>QI$tv`Y}gkb`cҤʠ5Izr egih߸dǥE{U3?-*'LzGr$sMA *0 }\*ap 0꓀|4JC՜.ղ@;k*S!FJ/ }0V/om;'%j8А&5m10keFFDKG4[yEfqJ*+(7f(΃;.Q:^>jH v(?(ai.Dd gzkN%?{X=R# /g`XH.tNU$z<4|H-SZ@sP1Ā%2T6{ bAu-J/eI1Mbӥ#҂[r-0lIH^p)ډKGa,S!~Kl$ ͘p.[wv? iߙ r\W܉xIY .{k0$)l:yc}c7zlwX"ԆicQ5Ə ^$C ΋%3BC0 7fgjBHN&qB1ldĉƁqϛ'^mq8Ma0$8Y2mI?&-5arC5ΥT&ij?B69\1> ߺ ^HX&Ed;`9a-^$֐w?Oogmd̔Qt_I |Xݱk&JI8myRɠn  ŸڝJ~}^ը ʰOetX6۰ZnjTKs,K\oHW1IГHnۍgN#a9 ոc*Ã`O4#&$ꃤ k4C0,>='42rjoC*`f~;CT'UBnmfڨzȡԱ'TաNbus4:-䂑pz dJMY/v2r|m{j<Ɍ7@n͗& A} q؄q _]bv4Au1;@Cf48t8AUB*pmh?UTYᱡ'JɗӗJnd)8r 2ҙEDvy9~k,>?) zp)ny*@kU<0)ahE4L7g2z0\Vt~ٲ.zVzbmTBNBξftr[JgDP1 ֶ/3['+TyrOT/1h+.!◢4+[iN$; VIt;qI(i+SH^D6]- _X8`^hhz{XhByp#ն/5s͔æXݪz Yᾱ!@reSl-ѩ>߽6#e"4عqǐwZ|Qx -H"܍{E'!9 *Kplڌ7bbVˣL㼣/P<Μ>8fCX62[dؕ\ =6}rR8AEn~F C$W]=4W7l ll|8:e6 8ſ"lm *yYTbO,#ы矸5 xPoA+݃1wiKAWscc3r!'P7jg+jlOI`#ekbOuqs',/: Iv&gvs ]=zq"HM'7}<痝z/$ҾQ~v݆ ˋ2L8AL !6#Ko uT4]CJ׼*=$&ȹ}rzN_OG=⌢웹#5Gh ҈Gt롻j>=r"q-=h_<Q_0E?~V FU֒ f $cnٰ:nV7~B|аxN@%(ԛ򻣑bG sEs6ATYt;W\8rj*c`ţj PI*nǹE~By+f8(K=Ʉk^WT%+ Ě :HT_}d2jvy L"[޲AI4bd;+ S3h8;ȍ Dc!A߹@7+iӼ-#iM#4%][/6!HvrvKA !-_Y,~:DFE P cM[' ڿ؃x$hp%qS)|PT Y0Z`2^Q׹Jf-5u3€L[0tv-;"Sz 6ў d)F:-#C`MAz}#  -JmGnUFc #G5wT{LݡcR* bV% LGEE`,XꙄ,nhyYZM4aYF2MB\jOԓ/<IWL= ] V\$&~[J]m+Ax8˧܂[EcXؾ0$W(\2=_|p(spWx 0y,[Kyņqp#JkgAS2㕎[bq?W$cCuPY:V9D0Ef}n98GJF*T-W_s~"H'\59U-xb< pM&:Țw?m`44ڶjel8h `-;v%#}ix<;} ԤnYhg 8Ӏj*lNˇbhT)+mxB 4 Y.f5k*C)64q$wzy %}Dh}B*ݎŴa%8Vŏ8l]1RnHX``y]bH"IBcyl~zw㼡g+:O&V!b G`L;j)~ .1bYh6>@UQ; nKMp&Ǥe?̞1U8b~\ *|_Z}JJ<[d&;wuT-]Ժ#jOE"q@ |q Eﳗpyeod=ސ +H+$ӥ!*\ȱ ,̉u̪({3*0~o\ɜߋMSh/ܖoώrwKCvg 5fʐZv''v߮CKfvx;ķ&CIX^P@fo/b: wdVt(=I|9i'Os %XUXD),D˃|A'{ G b ("΋<v|rBƱu]wLc#j8pY!;<һRICe^\8;c6KPC &7Y$DZ~wۆJ4~O˦hiSPhR[RrvcvOͩ!Ļk=YO:V![42(z1>pŠ {1F%ɶb齞J|6_d Tɞ|E 7<KsFEV`F) ]#J҆Hh!Q ӱ~qbw:39RG?̋_oȬɟWw&5&7>jeij4pS{V^.-).{8XN楕Q+ &J@a!3X|kMFDVҥ35. uw:v1_>dg.k6s~+tjv\ -bv>w8)8j"fhGh%S}kDq@d7ZKj)oƘ)88(c`ciaDV<}yP՘C]M8jhX'@dBlu')Q6C5~gόl1n.k:5]F903̓6ɪƄ|) (!ïQ2̲ ȷH 2>$b.n[[BLs1 ՗`زڂ xk."b?QR;p!@C22Og\)q mFTv;*rǭm۠7ۈ*YSm-uc\{ʍ[w}Wz*jKDU\\ðE2/iT :OHD_SbFS'Q1=)lhHAjjZqbvM>P j'UdfWg~չ 9 uҠF4~̓Ì&8~W\J^Fml@~aRpE0X%Dpk.DNrPɄ*q~K_bLr),c\ڢ_nP7WRأL$uDZ) HXb%A4K"=J`tg"Yni-|bφo _l$ 0!AlH$COBxO?aJ:_% M@ߍ2|5VU 0?5q&iR1hA5aB jZ'3'8mEcsS!.ZP,ET 5^VuE6pd ~'rHFRI??ivhrL9d FVg~7p+% ϸ4-t9Yآ' ٞd i7Kym第hB0;ǀ\LRC1iPwa)}'8SΣ۳}Y@>N:5 bE,AQ'b=xU #.I{л 'Z02eEiv,@S"h^WtS)y#w,Hsb1},hs<:%sXjg#^$=(B(Q5g$V2\ ~f+}[Iͻo*g+J Q4ubsQ.q)`]qM%G,;L0ykVģ hHNpRj}:QH.[/E& :LbQC=d֎1ӰuIBGSsv&ew"/*DR_b&(i @(+Dلk١B+dpecb&N$y\fFVY&FI#ȿYk$V5s(? XrM5@|RԌβPWws(g5Ͻ:A 1|FklB)Mgosj򩅥SwLUJPh`W,OR+(f8m>9bf \P_#tP#wV-,3xaBxrb0¸^2ITfJG9c 3t@47:(1Bj5y1 `ϰ[Ɯ 4MCbW@gd,W4N{=30Ϸ0s_C4 y{J,IAtcQNDo<ϰKrEI^2i179ÍnCBNGكڃ#AVZ0O 񓉓S{иD)Lݺv=A"RkRWXJL%fhH&A2(a;hJ}V :fW6&d!yb?M`rKj,fY{)V犷8coA}G>=0XF+S͉b"{@7gD0?Df,p^6YT\ qߩp3%w+@A`g1W}w*11!ĉ}:i٨ZӆNK~:byM"ݳ6b*0i.iK;nn+?P89WsueKl4a9W(|!l,&p0 raǜc"B?e@̰ED;v)P#~"0*FXXG0S6 h~SN)@yNg4?#?PQ'!Dk3BJ_ 54e! l@`?$ B@7k<.xqU dP:Ͻh^IYѷx_e^&A"\{tߢ>Ng_ۃĨ~^\CbZ_v!Ct#zc75~϶A5!gV;+%$)ˮz/8z$_7ycp}| j&;٢y*=p2_NZp"7l19)KWg]/K2gҦw(HYYA_xQ qM.+*jA'9FCI"bL|>cpO2y=CW/77qr#g/e qR=ڍ ~0 8E_Sf2eFXьDnXkuέ8A饓*;Fi.#c%kF=(SWPdH0iƭ|,q1fwԾ䫗~,`;]8lu B wbq@ׁl:"ుZq_z3\:I~4f~5)bZfogM~=ݰѝIo%, Fntit.jؼe't?WĪ&^!>KRCy|#J!3HԴS.s?˔+l*o ^R*e/~ݍyԬ:~Uy" ~kRZ+-?lS[ad-;vF 0p%\_0Ef-9 ewLڛ Tn1c ɧ1"p3<b6>]UFnnϿwN(Zu*壔N8i2%Խq4*dEʷ8[}6|8e||cQc֭U]͍cG Dj>ؘO1 +~0>Myiԑ8˂ _"csOޙL ACI8Z_Va#S,\m nQ*nGD 𢦓L>  dZ0:(;-nt#II@іAu\(oz}<#)N0?|6(JYlT'CiT"_G(|!W3PBfҪEgPzֲEc ˕]@{~[u_3 FFUu pK.$B& j|N$HZ cIJpRyC<wcԏE> `aJ,jol/?\t]vB%;٬*}BU\Mo5PR5."b)C5%V!%! D΋}AmNBԥۛ*JRW5_2,Yk,| ,hPB>hy kY+i[ʬ|KNqn}I!ӛQ%1i6Rqq!o2&wȴ=ntO;p_(pTU,hBQI1|(y.+ MLQi>`l>7^p|Wj8}v^*{:ul\a/qF,*MUPgFl[֕^K vqu 屪}L*޷8֜mF^,,z!L.gJh{Ѓjjbkc~WtWB$m&i3 toIEoIgB&a^6O}Q |ls@-W,O$[JleCh7x%;<ti ϳU5NdԎ{HX..HvH^1}Ͱj/ E;x>ל6$; #>vBĂ. ~ oٶLRx%F4UŽ`7h~Xp +4g(r+N@lPNkoz ??ȧ[`Z?G`]}7p r&~P>I@l++U?SR^Kƛ["nХT H C"]<[-mb*!M*Qbfa-bpWBsSa-tف\n+R6֥ѷz]"j6 DfGS*>K|$i)RT+0I8"\nF:`"YFO-Aaܶ_k'&n3'Ӊ0OPf|!sՅehq{DD O6-̧z=i\`b ˱vCL*jH_n2QWNpq8s I4k_ .gah5 ,DI-B;f)},x.^a`;Ph'CGz;vlWNm*6u싼IaE4xM{39013+l2[aS4ŏj^|}D_CےO/Ȏ`(SΥ.Um~ I`f'͛x d)ILa,NWY~|̉pdh)wmYuw'GaĻ.ZȗUʘl~34LfvnQ2Wc?DF ~.߹lzкoaϲi"1f[ @2JZfLNHaUko@I$/)}ȱ_xJ8E)G?9+X9J&=`L?jkq7Y6eϴ'S-9m-Zݮ pї];:4yO -21`)2di65f97hI;Zl~J=o#hS;G}d)MӜ5)5%94>"a hd>iP/ $MɁ8c(>uMSPKlz%30ɹ Kh\X?c5d >DA<)! L=>BPciN;T͢2 8dnrM$ęYVCoL cp ֣doSN^EFC~@%)gz^'GHkPXSbDX! 4ہ;|us ߷k`&:dy?|8{N挜O!-1٪6;vlp9$:bUB1 }菲1s7"1s|_^4rH#S%cof{6uc&Cj!zRZ`BcD}FEq)AJuaLj-PxÃhVX-n#Y*ѹӆ掫NWs$QvR.Wݸ/XgN.XxrrCV'Ľ"gu|sJ?k6Hk6$Л:!=6ϲb[9u[H-:0)ӻDj.{>y^^Ā &cBgvRgqNY0O䄦+-\fL#Zl(}#QI@󹬌!h79W)pgaѕ 1nA}MDJ;g5Wpz_ƻV&t]w>FHz&A+7ߵgq$7'Eg9PLyW|/yJw EhZwe`g7]ߤ5YLG1DN~ 2( 351M{AJ,_*MAr+{tWCm;ŝ@Rۯ#x'RŰUSR> v3%rčQsp! NgݯuCerpzF͆GHbww| F왔f6fz!@;]/gqtW`MWdP?(ڤncuAQDB}o,{-a4Pn'}S?Hoi̗ ՞24yxc"Φ¡/{~^nP8Q{bbHλg6 4M@ 18Գ}?fT)j{[I'}2z-`x-9%HSɶ>ra;M*{l<3YlC#5y<,t.cnw}ٟp=_^` EX^bKe grMZ -USx{' OfR٪fޣJmGQP"D68JeVbbɚiB`Ie uuCuY(asIc^)&uCAt J;R JZt'@^ٖH39OGS3w䕆o$uH`ȫՆF^*S-M 'V}^K%jNҠvy]Mksr ÷-|窊BK?y-^]5kC_2" y0_ y%{Ŷ3)'POǐ[ʅy nKo81bV,XUmVpv#BzwIm*=c]5>yW_nNTc3&S;Ќva-9Ԧ1ƹ4dEH+=d56-{I3(@rT7>#=0m+gin,hK8>ZOۡ>sw茲' u: A\a޺ Ѥ܆wOhwO'}M^#/Ԓ8n1LPܣUPHI=xu^\yvWJXnq{Ѵ/QدR'|}{ꥂ*Ր!y!##\hinѼm=VOMl o\HF~PL]9ʧL#:|`Lن|T>F!l)Y7m ɝ 8K6{͞s-Mhl w1Iy!Yyj_ |F4Go'WEC{q/(LwlB+NIC\?s|0ѐf-8 +݋mv&n1D3oyffcꎳ!_壼C\͙/ n+8A[ xTUȪqiʯ<5f"lEۨ G>I_`jc[sw2 ^#znZ`Z:;C.ߠEq̩@ "@iȷ|gMB]zz72%iJdn1k\7ӆPdЛ&59a|[c?(T(+O lZ'UѤ7xSBReEU`ϟF WkKdH m32sJ(FvSݢZ%_^xfBq\@+[#+Zz.φ!(4w.{_EF;7U VQ/R_Cٗ~^gk1tL&Em7$;|p6|g!?`S I>]4"vʊј&|OhSt[.ӣMI"^ ҔcE켒MR>UQ(݃=$R1f h= lu W%K˫Reڒ,k-+r=L(;@DFd"60P*\i?DC8m@g`qOȴwo"7q_@څH_n'p0W!ptF*#RҺ*'6hcIT#@Qq('%FaS,H?m")<j4P,C8!%E/jȜKK&3bq%(kO@&`aKɐfټ+R +Uu×0C@>o4ʷu@t );43R~ '<Ĝ7q`}kvJ!@Zz= #)7pAc&`Kpt#<*/(Q=3~/qg-Vd:{E[># dȠ1Z*^iu`KWoKMlXKX˵ yOp|ymB2A qW:mW2?h~RhU*Şbs㋀`)Ίsq^AXdF}Vm(IuYUn ?uP9*G}ے4츧}=;xP\D,rW+8)vəCR\oXGhP"P:eN@ 8Su~M'3xa{Gu"ƒb(c+E^\XGrxp:"EzR7_y ާ@.@a"rbK3}oI:? LΨad0ȈR, X_ͤX^\CpR,64o&6DגejpkDC2вElUK~8b5׮/(Bu `-UNIqS܂: *J:^ˋD'x۳@5A4z`h@\No- ~f[RImҩnw8Ik8@$Voia_/SmфYYk4ě0\ǀ;06ξS_2wZa)Zyq#xtgnd@WQWOww bVw@m:PN*5/`+ڟ ^tpn}a>0h7{^}`$5Ӫ~iORA2GyBoCo. 7-RnjHSZ}U PK*?KE-~WV~P2ח^D4!j|Ծ 8Nh r#E ey':G 8ZeGȴ%B“*~͇}qԔɷ8P D{kTZ;^jiQ*ӸE2H)8pM7jnWrS&0 Qoڠ}%,`O2tO<ʵC^ö438`G\׵vkR})>~nG:fPtבֳC]p- 'EunANIޗR9w%dgO[~ ) `:뽯\o_Yw^fx]D"9IFqZv4~S U֬^x"m@鈷ETsE |0yaZzS''v!ݎ'ßsJK4^,>Q%/Ej"* YI̋VL ϽlIKN (vn<ڇWV[6;X-cģ֚ՙD璪Ӹm0[JO`N~{qצjHv8\!<9{]#V-j@N,TH G&K~!(c=UJE?XIähA$؉JlbcIu& ^ ?ާkp9c\, ndvZmvĉ} -ڮ[F5#Dx+zCZ)Njȵܓ}V'(IXL֒1e؆cQ3n͈k9ǭy1s3k&| ^CHIæIkK+ˍUJuAFXN-R]٧(0&y@:Vxgt>Mfwjrrg7Rh[O$)Eԙs'I?( 0[S(W% ޺ .յFu؎n^(7G`U54zeU`6gTмzU]vo3 JG=Cqʩua۩mҪ_[TJKNc )b!gCw&{S@I"aSJ AaB'#SIJ U? i‘s3(oǑu y|TQX fԆo&-ᜐh u C$:aKR%vG켰^_ERm@U;{T[>먲7}&˃+ /҂2@MQlcz'{`=_ˮjtep18asR)` &"WwElpH=H4ıPIyP–(4oÄ"O(/iC";SFQ-/ݐi'^J aԥV0:KxuT;TC+q|,RK:xv"p67fgHəuۤWjÒVv,Vd(y\:udHUJS ׏c[DKP'$G=ݵ&1nzI:ќ;VMh?UFnO bjVV؟X߹^g=6Rׅhy#*}!u'c_mP3Q4#nvV .J֠c*ֵ8eڌGMk-z7D"#nq\%e)&ya9q:k*qGEY;ᶡ4"&M;vRI/M |~,v*"^]i8< .ɯlcj\[B- SredAKۭVjR~ZBwB;:2=QFSi;a$u|$1LXܭ`X< gz^Fɝf?#0rn1H3j'ݦw^ߴF03taΨ-Iu2(FTdeYd;%+Ke;FM+@Wq{2@Hw%?rg8NCۀR]j'F6W=ʃ,m'Nd>}dXG*IȔsL|je "EnjV+ɮ._+ B t.X]FШ#s2rx(\ݶ0&'>kQHE"5/ =Jv.}5G,O._{bz` $E׼PZvSLZe Q-Gvm6U(c2T+D6lT:=dG7a\#Ff8+z~${yv,t5EY4.%ֵAWIk{!>+`Nq"s xTi!tо0_xS_ɄuœDo `J5%ʋzЅ;3a{JWÊg b/Y3k}ls{s>Vmo[L<3L$>~#-HJڒǧQvL\ ě\toաh𛋮ަ=9'2<d!wVtd χ𹑇/k_IF~#ƣtVcc?^Ǎ&Qߓ:ea/\⅏x2K__p%*/r<\O!(g5~c:& Ɵc|m]v1_K1t/{b8܈oz|'|n!x 24N0^y35nfw_ /&mS[^XŷpmSh`ݘ{wGc|`斂KJ@xa%v.v3!@rH eZi^T J C|tģxdGx4lh*rˠy p"xGkh#mţxG@<'ţxtNYx1@< ,C *jǙI\DK,Cdhd:p|$?@8-Gh?A~N+tߠ7pQǑq\'r)ja}DeXDĀ abCI$"I{T~ߒFpdā#1M2dBrJz$II#}Hcҗ4%I+2#I{2t!#b$~)Qdo3r9GS` GIx0 C~n@ 4('pVGxut4@ \8r`$_r H=L%7_L7q&2Jȅd!Nd..& ȝ,!wG㷟#/\n"7< +^mP%/w5`/YS}ˬ6A +(eT) Y+7’11E)cKA,ddG)Y rhOVz_#h) VbJv؁AAWc+uŁ7@Ńl8.T|fXAa*)׍,~!:$=J aP3 @ސ(QLWޡR򪰼 #$ .@y|(= vόG&mq$ ySrn)L 0@ q7*|dR.ÅA Ep1pIHuо.-Gee0=6QaGumB>G5|l|X$C~: К|ArFC00!X5k)@Gjq?c?_h/38:qq@ )҇˱+R.L)zTWܾՂ^OF0k94I]l9`NM)7q)7rif,an)[Q![`+P,,ĺ > `뇅+_1<) ·̔;dypaJ9,Ƥ܉pWQ]$J_SKH-OaS G ^YR2$CrŐ) )Gc&luRX+t!Te|e҅H[*Y/ w1ass9 KFFfZڤS ](TTaT"jdj4.I0&##4V4XCy^PF`3m [h3J{6ޢ-a'm)ͅ4<8Jۓִ $DOCdL&>d*K.tڟ̢:\Or/IVB4Eh= 5{5lS<>=^@~cM/^L5 zMi3:{[zA,ڟΥ t7##"!n;bIG>]Nѧt ]B_/t=]F7_MPT 1FF-J9.Y $EUWC&>O1T5Ր@n'+5~JmO6H~KH)t dbhGny@_|Pm2 hrrn&0 M_,^>Lژ?|T3 S qR =NC|ձ|yR cCj J;~f"˒laTVτ) WAX`H9% H h6G!͈~2^ {`-bLq BCw@݉ n@߅hgؽS0~31j̦}XK?t/2/`/oI1 ZMrBdŜ),$\0HژiH~EGPU=#G_AE3D7jn^Ҿ0|S"2t+C: yz ( "}%dv|Sf8 ]m5v;XοCO1ļ¯G% \ 3pκ^F1*hp-=Y?nNCAcZ ]Pa312\,5AU2.gp5K(q_q_/BZ`6Qdx/1eXLl <46 im84agB6G*+al~6Lb"6bS`6װ" e>v<\xM-|&Z8 ']4*Ҕ sN@z=yXlswRxm% !)ĭS`+el/S[D d`9Ib嚃Sp.jU%^ՍXM"?/RNtfZ5XS;uf[fjSSb\͕^qSG2Rit}As,{e?Z+mMnby[9I%?(m1_;%62A  #hҾ.!hc]ADNѵ.tl iUcD] TtndK:GWͮ ȓ'.NJäI1sKPa{Ob>T>hC[vײnή7D6ӈT (6J*#L2&,T|iB`+.I]f}D丱0iA'7)LZ`A>Yi~.zyʚ0m%0=*e@*vGd?!"$+jAK;j!(?P Cq4'lV pr.6L> X$BR@׫AӔNmiHto耧!h2Xߔ^ g1rP6bXy /]luI;Dw\ 77VЊD6ؐ; 21E(}XE&~_T΋ɤ:3blK LDZ=tޭ^D˜Uv@RRtZ/%D"4¼IFwCXGx_H DB,(kE]5 (ЌahDv8&];2 zLe&%N6?2)B#BHemTCʐxߜqs2Ή):LhxKLeDA7)t6(h+Btf`G{l%=s܌9FE%U, VؓS1Yʘs XlZX50u! 0ڥXOz4sYDIhF~'?9#&dzfl#b##c+ɏR0˨XdL4266rv,ظx?LhdR,9sdr42OF#pLF. pE#}Ilz.ȌXc#W'WF#W"̊̎E5Eω-z\\ v}lb'7F#796-yɭȂ؆Y[ڢ`w~Y[靱_򓻣{h?i)K_t?OqS,˚Ydl(?#<~]yOvB(F) g%SJ*OVxÛ*鼹҈U2xҘwQ2y7%P~J6 ?SiG*-xҒ6R7_&r1\) >aj #?2!DȓT[PB$I]W\=\=1z$1<)VXxJE[] hUNQJ.etT34Q@S+FeNJİP#ŢxnxP')4d j =Whx3t2x y 6Iyׂ…0?  ,#/WPE\JGG_\AްMmt$ v8LJ(,?)>?)PJs*h$7pj1Һ )A "C !32.Rt(Z?1/+y) ~L*#Jɛl?=gyv[]^ݧc"ѱ*N4a </ V^S.1:fppE=[2#OD0!=\yTe $+@(r*+Rʓ0Ly F+Oxe LSaR p"ܣ(` ^;1<+U+r{THH)'Ef2M +{-Q R6\R=s:!9hG)#"I봩é勝Zq4e~Ni&Bq| Ō%-OY:[fzK{_c[A>.AJ'lfboJβ5ltgmv<{ygo$?bp"RAVHo o$i2qa‹8d4G&"|o2T7f7"ϸYrdr  trqb6].Br3͒q|ݐE~*|\[*!W9\Ԁ05 MJ50_+}aX1xRlRNfSJ1U%DW $MM"o /Wlr3Wj yAM%4NA5RiIMhs5f\r#!58kQ=2GNkD'F D0 t!{0·N'3`6\ʝD / )0 ۝G($4NXe_? &ov1SV/u%FyHeݵ4-vXԡuM]jԠ|U"CV&%&%4T2*1JYFuiRٱp.Hq +rRj@[?5%MɓzRvђ4s9M -@\Iܱ p*adٴdo̪4E76TuTPutjil4Tk&O~X"Q\VN8P4w58C\x ?5"5js#Mrމ`k#qס._{}$_ 252n1+@Nd"Ʊ$E3hֿ44PrJnzd0WY- (É.E 7xޢ)`A􇑍/A(Sh\cՕ0E]szI>7a4<>ϪBZ /Zx[}>R_ԗ{I]MPIZJ2ELz[Hu+ꔯ6r&Tݎ2[ISw;. U%K*#F~J.u/PGQ$)QP]oimOhwG:XL_YoH=LWctտ#tzUiZCw~Fpa=j:34i `IK`D6DKfvgjlilњeZS֜Z#-Z6FkMOryGmyW-ZG^u⓵|օߠu勴vKɟzߠT=~@Ŀ!vB$i#(2kHzB-kVTx aQ1>Y깲@/ׅ78i,_N@ F"]/$\\ +\aO ao]s hS,VwQA0,͋E΂eUa^漪K Z|k#Xô{GC 2N2hM,h/׵,T9`WBv688&@km"&AT' iUbwi>Gb/4]d/U8%wUzEk\HI's9g*O@˲B(Ҽ'C7[dWf웛(v<{H;.0O@^v k9GO@]"~:dk3 GkWBm6kZQ$:$цԍpv3,n'[mg*ՐCF#u@ Lu7*Ed$|%z9%Z7ŦNPLjky$`.^ !|CQg@ OS#u >0 :Ht.3atgppxPiaprd_0D{&jmK_D~AETj0?.By8Ɓ0Q6LuVvHv@NT ݴw=75-^eSpi}|v*N!  ͏ pDnuѲcY_gK.[ԘF5N!nvz($cx|)^BۏDxh_lg7p0_GjI$⯆Q(2NCћ7>BYl=/~HaƹS' }=B&] Nz{t"B/ iX href0ϭWͫͫFjmEN܊; 9]l҉F-ĠG=8tKJaM  !@VQxnieQԅB*VI0+1+k x.ӋyzDH&SEP #( D z'?H'!UCWT'i0Bgp<]u xX7an=)Pa ވ(zIFzXoJfޒt;z[]>z';9_J.лyzOIgrB'jlҵi\_OXkn};ЎJAkO) Pq) |IyDd_"3 K2Wom/x#O{S?7 Wd_4sܫΫrz_8XG;rE^葄ܕ"*7i=Nv0@ @%! eS~@, hv#p^CBgy8X/KIp~ܢOP S` KiJؤ_ ~O~%> ~g?\IoŮ?63KNE&G4jjIDjy$*2BE\ޞ".Rq_TnRZ}\ף6yf ?#:kH?M^ÒHJ)ӛ"7G2zQlpa:ہlGJ[#7t Zj_b:d"wP:#_(vxr(U6 cć5B1wA @ohχE_۠~;r;`.`~RƽX9\G9QxQ_ [1W2ة/ ) 8?O՟%>}-bb/Hpk2j]q' 9q2 >S-2eZݛj)#+( wRd`T-.h-TU-"6ZW鶆uNix^('}rB!IenW?9dK.$ql; ~D!ш-WlF#H2#ɼ$ l!n $d]p TzåtI>>ZJ'4GZD-\,(`ZB#_+ha_! |m`@/A{GNz2ڤ%BOlr~>VP j!YDV8t' +E"4FWҧŶ~H';굪3.` }=u=񅠥7lUKwe򔦬8 <,kfa>+Tb!9!ZQl<UED P^N_Fȹ :Y$,0}9L_ B? SJ &>ch݈n*%yk !o+ #J)S᱕[$l_=bLhynT $Wy5x}Yw# \ ͂ih!f)ͱ´rAk2F~;Tn}#R6×˥?MqsFC6*~2KK\ѐMB {bZ"j5ia=$ 0ݹktW(I`N؅+"ǮaK黎$B͌i4)I,R_`=?)ҼbE1=QLO'm9Rg)#k3#7 gp|8 o]0w%\ ] |`o6 G|`FX¾w+-|w>w?={$t߃$˷-#}+HJ2з =AFVI5B_1{%|/|/|/|2FWBkrͷi}u -RmE}l߻4{v}@{>|ɾ"tK:w^sO^ iISTMy65\SkTC+P49MY'(5+ϓbop by-\Jy DQ÷4]ySmw< Ha'RH5TA^eJ;KuU*qUp).gcL="NI /Bne54q"H3;Re_h%uPÓsVF-$XqI((Y5ɫtJ y-=4X+txe(!41IMdD׀."*+"s/쇯I$p O"tc(Ԉ8aJQԫA wEO 7; |p(s|4q|'&_ ,0\j  5ta b' ija^-Ir7Xuzu@3/M)/D4ל  E\}XϢ dG(\ϯE}$ɿЗu&/ yw1Z[ {=$UX.Hyo*kpak s*X"GGmF.eѦ.N 7BBNraI'% (9lH(O&3BNfÜ 68gݑ8FCAӨ(QeB 5t2lif<j4~Vf9N|sʮ`SM 5u:Dl9/ig\.Ns9igN*8-7K9b.Ӳbl:ZV،50! )nvZ(7Xj(g3N모㠓#Ju]U䔲+E̖$: a m<6gB1JNsRvm14 %Eq(4)$ήZ>'q+R,QG!.(n"| u;{}PzC(݈soPa6_ݭRI\'o2jFM22O$Q7"'Wj| ~l|Jw0EA1~gaucdqdԒ&MBb¤d&'J:2-L IdL)WOو3ZCS4̤&M0|=lIǛhC7[6tٖ7ѻ\Aٞn4;ҷNtٙ~jv?]71lf>lٗM5Al9-0DzEv9kcgef![i`^3Gm93'Ds2olN-1lmi ?NoO%tBhR =uz#d;򮿖C?k{d Ք5MP.ު)iǚGB~"jgՔ/4~Dch>MR4e[?b=3`-6 ~H2Bw;鸃"R8`w*efդ8އ5>4O:_ü>|1OwyՇ?Nj<&&֖%`F!(0\!;4 f΄lJhe΂6lho^=90М C1i^ SbzʜsF׼ 6o'[s>6o=Ҽ N j."baIZw {H7~|ÑENfx{u}¬<$z7{($ r= WOGմ<]*$rPj:\h:階R7~`HIB36UhtRN!C` [ F IЋB!=7討f}N 0*Y~xD8OBc)hj>50,|ye>gka"6_pjr 3_}Mb`)}XZ1VTi;I%u斲aْB BխF<"0heHhԖ: 8+ף-a?y'#ru c.0aH,s;0wA |a| w`.o'q(XBy \L){A`P6E"7%ث<[=t/hwX^0&byݥ2B 29g~3_0ȕYc~7=wu0C!A:0ŎC]qQ u}l?[96=< #xB\%͞/OlZ?A[g,g%%y~*XƞVb1PiytJ| 7[@=[gB.MvF he9Ϲ6ȬQ0cؕ ǡ 0ƬsS8wjap Xs%`*)^ hT:? -'Pib){o;;G.FĞyS$PG[ (_vHVH VGuD-k/WIe8)r=cݍd{ֽlin-At/9d[Kjc0z&$Y8*Ysp垍5}Xr6ƫ &|G߁? cIV ]݊1yT'Au8]ԯ(V f#7XاB<6A.. Cń PTDx<*]ݐ.p9aoX/!ox膂&d 3 Pk2čJ(`U͈ xz\`A5)[2)~ӪNF)RJ,dՇb1~I#K Mm3T7 6>rKԡ-hgXn&ɰ`Ht,g@F ?(vBr z(>1r=Y¹g|gpd탅^GAN?y/xʬ(A ޴Nv޳jaΫ6mJlNmd*ij$mE $d'v2lqLUvm;z1$wYn;g璥vYacvf)ynFް[ve$حGa [vkJ6Աsi ;Av{zݎј>aU>@v'G!K"|$ҔZMIZ(ihM4ǡqwojJRb .x H/Xu%n}PJ].L~$w!xKNMOUga2QEChUrxIOqt[њl)8yB]5b./#Jytb>Y McWr|i$dК- R;a"xT'[[opce4vخ6\OB ϼNtC[?O?Vj]fHK O F;)$11JrTUwD7ۈJ| ?#dG^_z?J4#/O7xv_ ɨePZƛߴ*px9Z܀P:~k_i{:⮓]#N 3 üY覙N8~JKer< w@$Y|}1MeD;*73b~& n9Aj`7}~KF] a, l;4{@Wt@_/ (?L@n>VC1Lx|dN,x٣G{,b =$ӞBS#|ɞϾ /!#K(2ɹ 2;L$35d}rZFѾ 9d} žorwbr¾w" 9ݴ}?mg?DW [Iq:~^d?IOy&zm?K﵋ 9"}~k&z@%[j&^{RkPr5`ˬ.Xj@|TC RR-;K"`k*Tŝk~oy-Z/ݵ;=^[@ U hB!\q-įƋI傊$gYV _/ ׊m[E?ϩ'E>f8& cζ@7C]ik9v%߀v6dt A:g;` &d{7L߅ PQ* ?jGi ުt?Vt⭩ȒLvuWIm؟Cc{/\U#?Xe TڨmsR.dƗC4e]~.;Sפ^y1`)/ˣ&_e7A=@4 "]biS ISSWj|jyMu[[L-70xC5$6XAWY\Qm+xnJyp#}l9kZ?H_B#d:ـc_CNF΅^d2%S` O.EHBj )Pn,GgMGg + ~$d2A 2 FPD! :I&8Lb4$ Lf,l.պ}Z]@ATZ/uivkk(̖ sǜ39w< /8>6V|q_iMo4G>֌␌}'憠`Qd\iL$? 1+4ʌD*T0F8YdL8Lilci4Sq&f"O7ьQt<͔'(TlY LT"tJ͘Ke ŒSi*eIfFeh.,AjU)PE&:MfB +TmԘ5 ՙiF3hBLTorj0K0 5Ɍse,ll(ZNgjWh]_ijk̘Em&ZeAo":E&6h| MƌM2s҄L˺%.EaP(bƕ(&LiC>7ʹ._Is.f9T㛚:ju֎~ Rƽ]p+[a{!&Drw cr,s`Cj3'h}d6r24n_0> m5HeMxco40Sy= a GWh(4:F|XXɣgoF)_Ǡ㇢)OQm(9,U$_[ NחfH, {XJ3ZAP##Q_O}[zO2A +R,.p #uҩZOKP|5-N^au=Э3?>}0'^C(J|uGca_,,rl% ƚI}XO/ }Q]=+hT|YtdJuI5uYi|pf7gH1D*I-؁ͲtVV74Ҍ[zcZfeeh4auβtFjfDݞ ^Ͱ8*C.󚖇8pAYʹpGz>8p#TEUM/pnt3Mu=.}gܱN8ƞX`(j'e:4WzBoC4⵴xgDJZ_Z2s$e9rBɈJ6\֬zɱ?!pa-P4 y}NYb0rfہ1ȹ)%#xE?^;n~o,A6Ey^_+WL;m_]fo9{}11w{ gd>Ng;ߥxfO;GsAL89"@XGY\1yXt4;~<)[*tFq5+r ]i6ǣ#ڄqDXtDkN$k f+&NJ\28Yeץe 9^9} k6%DR,"Z9BFár;cx3F/1x]%97I}Ӣ=F9@.˳: A`7dJ͝;PXzX6LnVhLBa{kq\\zC]|yAhmC ^aGk4qHX.4ǚ10KP31 K10шhb,g ]s6{,t&Hir/d*݃@MP//1ԠAбp7 sj)͜b_|^m@_] )!6yfϘW/|̈́F^C039iLЙ~O,`lmdum ^ݘd$~Xk(JʩE X{@_k<`r.k҇|T4nWMfҲYZcXڏ+T;Gv-RMHJ+/ac61>nAii"0Pƍ>'|đ(OeGxӼlr9:x *r 'eڃ햓1(wN{ڮӘ/^Re^]4iI>{FrEig]喚hYn<3::$Yjxb,g_=G/mDz]߃vKF$lWö$ض8qٹ:n9vQq*I+\}ԪTq(l*ٺSʼnNqZ-J h_4Aa>T\E 쭼]p Mds#';GG77RTg'ɂ OS#S N3;}t)vxځ죷 }WkFu: 0a1ӽchĻ5xOb|h >6܍O SK%Vca>H O(>3_F >RQ_PqqZdꑅ8yf52ݺUQX Sɨ]p7胯|kCRvAWOIZKl#I8?Q?s +,לv :wu)!|kO܌CL;.lq-~0x4-ij=*M NX`f[B`obUa.SVBDD{ A3d!!YSIUnQn\)EC^0rAnsxa/nBlܓl^ 2pIjnw:zChc!S-j]ԏqI. WjVϱʥU.U K* ٹعR!f$*qM >v0U`=et"p-Ct26<` Vi!>9-t:3h xrP959qF!#FT`k!\\l.rf8倧p é`/2bWqհ[MQ.٥OmCixհ+T8^VWʥU.;v5ʛX-HmB1F;ٴ Qt>ȍpd|Vs.sX1ԃ(Q 4!o!Tj?#/;Qw. Oyt~0²/8v).{9;D~Q,:Ky,𘌚.^FgB\EyT/ kus/xtԢ:$I,t TUpJ4ko.{ٚs_!ַWŕLr|,פHp#eJ.\Ev]ߎp=P㦭qVwɉt0Vt'Lw\4'}\=fzMsI h_*L9V 9L9ok̟A"f/K:S3b& 96v%6 meBPEQ@NںkibvW-R NЙN;ʼn <}(O C;GRH蜳=ϋ_ "/zB̋A\@6t)øw0GF +xы;9w%Lpb-I_+t)}bЏE'ڒ@Qap1-a[9}ri[欖ӵd{96b5{j{D9kŜacC"t\} ׅ@AW$7UcaѧJíKB 5{kekLc7|aUs'L] ǽ&as( \Θ sZ3sӲnq}VW*"1$S1m+2 #/1r֎jPdOgd<6OdgRc㓉# DK6S7 7U| C*i$VPHԘNfɱ['ciba#2.2liXrUSjU?' ۯ\ƘZEjTSL ʠKJ'q!ÙTҲj; bEf6w=Zf)ELISxZůkoTcX%Dg |M&LjR6:K6.&4dW,%x|긑#'-gJJҿkeݞ ɊmV)"k SrW%nMۍ ,&*a tȔnZb?!- صC0 -{PMt[OV3M$pӮFP%Y͢NeK _'heWFIծ6 aXC :db(}fLjiòoO';UśIJvOY!$l А@uC[~$:?/8PmgΰZ\I]|(!!k5K`k/q7JF٨ۈ.x"֭4Lesvss9 M2MTExSb/vzƩیJF{9e!euc^ˣ.%/ɎZ&U(6%3 jDpЏ$tu{J}vи)Yp>/t0J _߀ktroR8|D߽ܰ@zkŗ7ܭg9P$0x}S ;,'}4E¢.nw!mjzk#< *tFl#(<Xz'W$O&5g) zΣ/i މ3/(oX]:>- e Ը兴eW *7 )7eWuۂ :qw5WD{Epԓ;O6l;K+aOPu_GPGg_/[>)xGEEY@b ,"l&hVVXI 2[؃N{Dlg =#Fq#~ z?${# 7 3|*9>>(~d{/s~LB 迯^|PK!5 +com/netscape/ca/serviceCheckChallenge.classWit7ci0D`@PB l#V! "Q,'5ci, i6$mhh4i$ YB$YMKt=zH}#`[{߽k}e/{İ׆o IR葰OBZFFn q^8h!Waw;]P%Om->{l2>hhc>$&a ۰1Gd<(Ya!;>%)Sb 'e<))©g lX'd|Z8gmN/Hg̉:!Jx ='Lz'zu늅U]eT:2ȉ k s(:_am-XT UOF gOɨQ-L|},obﺆъ TKjMDnU;43%Ὅjۈ0eA ;v7˒`Kb(Dʼy% g(U]7T20i[ǵdTۢf2R-#=ҙGE |mzBz:dPLK\E$OT66D#P. qVhPĻ0fB(Sj$ * 5Bp/N@pc`hEKSZ|榎@KKs ô+8%e"ἂ/+%3$)*4Yx$-i5):\Eeʂf$*h=LLO|2,V> Xt$x]"u!XNf$TEI]#|cg{ޤ&(Ycagc|kwue ZKLSc ?ď ~7?%+~>{9 r\W+Zo7[*BjStZ%SbdWJGE;,01&#_kkKп5 ؈?Ϣ| ],j\YR_𖂿o'%Uad+4n-wtwSR I} Z=@!&l]c Mhi5_fh֨CU1cb5=,]MMx`z*/)]+CU"ԏ :l!|#2t'gk^^$bȡtp\me"Zw4e8]ڬ,Q&pwbR"Â-`n֙ȬzZl*s"w8nP1|҉Kg!\͉TZSВh]dJ`2_mG@iOID;E;Ar]`鱍ԧ=ĵ3̞zؒ,J5) e p0N:i/.jˌ0jbƑ6S5⺀ivuv lt*ĠH1rWߘw#ưRUāf YvXH0l&q$OBh~D=fgarW>s|-Frm ԌȠx#˄-dr J^~JF8x=ʹKx6t.IB9dp1t PcXp a M§!`82yUtryx%ss68ysŜ9bW`L\:f!0t %fc檗3wNdsX6Ŏs(Z%4䰔v8%6͖+;!T0)qKdn36mҡ o=*2X\-z۩O)ҏNe˩:jN]~iaE>ӚJUNm;, h7VӇB枧/P[)k p&,X̷b)oojkv| 7]ha'*@ߍ8Wa]8£8ʻq0ߋ~yī<7>x7ߏV{d!fKbVaQ˶cPz 퐰SBjp %&M؋!d W4Ҁ jtϳJǚ!D[T}sXv_qW `Rppy"qXͧ)CUS@b #TG?Z867t $DƼ|@+p`zFQz+aSj ^0-ygI.:h0'8OiB~^Ж\lm]t-R!ͅ&墦6]Haw;^/c_8cQϛ"PXd<ݿOY܄3xŏWшQ+>֌xf0G>Dt&9qI?0%6сGڇ ǴغMf}xO)bPbYRʺckjEW4rlkYT%qTGU;e8+ RZ Mg8KYU¡Clb *C|\ o\k(j)[5Wng*(n;J4x27p4b\aQKSW,۴HUK' aeхuYЇw%#+hKAc|14Uѭp*Ƒ6Ù-}[תBN (3 hR(HCY`8wPbI]¢+ T[W"c܊ EP0%n1 d* NDٺe &*`HC;&@&td*M$3ىtb\ GB"1 mM*υ`4|zQ%ҎE 5NW8elEj^{ $uhb2\EfMvZԝn$s F?[%*ZBֹo2)0urSBTJ0hV1#*~ 䎥yQ,]2j*Azj.t Ux+0 3/߇&!Gt2 L0,.$){7p!7k@f6gXCs?ptp-hX @`n݃G XuXC_'ږ'zzn j[p< 1tbnD^^/2/UdO6i\4- Цچ^iZ$fw~yq#_qg ~g.Xt:=g~wv__ Aaф`4MFҋe!я?qg1$#Űwɸۋ#rTQzL=^}Cŀ纘{#C`^d8!N )yTAKaihhid-k8dzi2zB)kv2xRFi&6_k"zfYkÍEb eԸQsD6B ҒCAg(êO*?q*ml!o2GvQ3 Ad<@ɕQ"Ta6fs]@ XVE+M+"'ǒA`G\ab"В}40֦x*>88C# G-_*SxX# c2WRhR(eaaTrt$A4<3"5O3W$NO깜0,馡ahFzZvфF SŜgCؑ8ai^."fQlcAE2^ 5ҥM2EeKRbPu{ExMxCƛ 7,>K '*T}H@4;xZIaDF grȩ-}RɰɎ?[Zov" aѬ|°ɱ3C%)nRIengd[SdɌ8-"W?.j"-+*TxQ(?2wҋES2hR7O{>Xmה|R*pd#j#T5n[+$ ;#Uv3,p4. 9N:diJ昢" -m5\ٶA YkUMɍ2Ks% iiSD^23K[ m7qf|I5]%=͓amd5](QaMTZ51t:JF ^/t鹆tI|sp'N $@|E4IIaVaA#8Po gwY1@K r-`) 60ܠ@Q\guM<{\.HN4df#N76TX#U[M jxNV. 3ךQX‰jix,+z55}P1- 9erп/pL_b`pEMΩF][ gc6lLSڑ@z[]멜Ve,p\Ræ`cc)/Uyݵe&=cW][YU];jfTlg|۰h «lkx]6]挺J{1amTa3tb6e`v  6d9ǝ89=ͭM)h ظ`X;eB}'ĭrfyyb+6WwK\{ b}1q09<*oj3W'2ԉP`_ >_5͆w:&#,[UQ+DVrjbY؆O@Q~両.Ozi^Ug)>uϞ.$26"wg5W@S̃rb 粼K|Ź -F$Z&L?9%i?&r؛e 7|<@82 KB"!/sB<Ϸ_ 醹41ҿ࿼ {2p[la>!sr?;S1LL+]^NSRUШ^6G6S /[" V<!CfKȤ\ #5Sp<y9шvRAlnLKf=A* K\0(8~y\xWWf(5McdJ omV*f|U᰿c91ɞAR_?(YrwxsʳL>FH$ 9ʈ&v&{.|a _<N =ԿCn wic;(O92Cۆ>cҌ8I:]Ҥ " '(Fn+V^<QYdwb GQkc] Qt2yT£QCaOވqsc(&8ҳȣ(\^jI.ö8lS8܊69:=SAA09Ƥ4$+))&Cse=nxIJهD,keudˈ8rz#X}j'ȱOcY@&2Hgb=?x&tbxKtRNK*Y3qz-^؁܃|kqk,)e)+L[͐RRKDl@ wYPi6w ȧsP̲tT*G5j棉bN p9- jJj-t>VQQS:i1vVoO>Sw7~ ݇jCp؋HP'cz % لYO**а;ÅPVgNnګ'60C;LI'FAK+YJOBC`+7oypW=oWM(;-qeib)(:Dk)ky(VvZ W%Zt G)CΡ 0$YI%F}oO, xZ^܌N/D\%$d$[Mv) x1!/»Z0 ;d-b)B#bq8䡓1 )q X[9((D %䡍-N2&eL^17eWlqIx@hAgy`ڥ1aӲK֤1Xٌٝahe}nZٌɰfF#K"e YvKu11wE<[0i 9:J󪺂 {fVcbS62{ Aʂ1xs % hV } nmL WYi)ZZ9-+Ƈ܊I⠂[aݢeD@:K*d)c8>-8-LaU_&SZ:IGSt"9K&z ՜Am>SxH >34Rh,v(t=ZtJJi|x!df6[nVSdq9&pO=LO fTj ŰZfI+\Bԏ8㪸*%%^z֥uZd3:E6'EܴT-&ȰhkX,_4 ,OP=*;O嵒gÆ;Aªn1i^j“};̝BgxFZqCGۖvcUԔQ:(Sdj?!\Ы뙼Q1 ǪS,W!H{)>}h:Zy?4~y=<?a~xy>cE>>O>'%=p~?\W~FL3Hb`zSRr΃Hɳιp0/eS0-SnɸF< ˅_l¢ .ɝ/%,_q᫄NxF.d6fL;4r4-;o-ICEyz*4l3`Z)Ҁ+b*i ݧlHy2)hvZ⩌911cfW(P􂙷Xby2<#ФF+AxMG4sv*zvJR]<o+x/(8Gvd@h|hZH\W|W|vn.ScqMhHB=Mt=6rHEK ~fh@;cKܵp#ÃZBt[cl+ xL.ȄP/tyKZ%wjڰϪX6K.n?O\*x ?cȵ6ɬe3yU&L~UsxpU/+oVcX$׆6̘7Vݶ]58 5L8i0 ?O ke6ӵ%Nh'5}L$R-\k79\Bł2LN\̞785:sLrm_)&sxXpqn,ﬢWwOk0 fڌ7UmUV%_0s-{@w6.Cm2+F,˸$|ຜPħo7,ozM;PK>s.x'+`k_A(b37wV.boUV],E ^C0ZV.:&DIgENKG;qwϒ \TY.&4褭Q6 N PJgp~"O** F ' }B_(J"Qܙ*Mw7Q8ie6sXU95*ga9\.vBaW8Q ViQy,;g B1Ɠdr!OQxJt>3ϴqJ\pDRaƳch*[s#V疈3qzCaݹJt zj=A+|bBDToQ?b3hQV;X?&/m`M ް+ һ3i*O5ҝ!  |mφt^w^aDgI<+a=o,GĂƧtSFLMcD (VLil`|(Ӳ Ա?RI[h, ~#. )j}(KfÛ^}pit;iף5/f*=&htbdޘᗭg/t1l]Fzu)=jƗg/_Wj|_zy\nk|?E|o?a747f mݡP,KRY?yoj~0oY5 ߪwm vIhF4UHf֔=fdl W p8K{{5CNH__+W5*5z~4rVluhG, vG{yw vե25 ^)"}|FS' 4d|W :I-Dڐ|0V #Z(#ްL܍<ٞz$P0oEABtY#[vz~izZ@/PARz!ӔAjouUz [T^U ӜĊ7g 4P?!c2Dbzxun*jn',FY n ё-Ȭ){j]6`&T!ȷt\oJj?)3NJB\bg?@iR+a+AyTJA~ VBj\KffVa[G0%X 7}>=ըDSu)M]nMILfhn4>ďK^xB')d\?#YvэI_a8U5 LESҢFY~N_J"3eP,3b'HyW5? R_T32,nRD0_5~EP$TTT/ualMULIr7#遲n)\TZꮮj*_]jaY*WCcSe{ki\ Ư bzoC72_Nқok ]S1Xнǣ7Ib2> kF=j b# vOYouaD*BQqVHYRz'!JT0*3l㘉e/(kpIs30h6OmT\ס /# RO'uFP,2DN^yWkJhAuyu.zn co`3gy|>cܢK7Ou+G~g ~!Ȇ D*xO$!siMiJ :|X*X,PMC[{\ qn@hș 4R3X ud&ac~ @A~.ؿJQtgL e8X R3I*1dfK3B9€{n4fv)| K쓾)eӺ^ҋwVWFuhomBithyڢ2\ :Őz^xY!hof~)MYXJlӴY*A$EC5>OG;QrL&0ʇ#e VD+5dҐa'`CDGaz'Ito2YDS̥#paոD$NHc WKH)W`if $"LD<'\ }yN 5ZbO+,0݇NXkD}^8SjrH$YMHP0@Sh$TQH/:ϷOqosh17>d/e އA;qͣ,\\`^ѻn0f..Rʬ9ɐ"c=dk좜2vM8VnҘn+i((q쥼2ًj' Pϗ`DF$8h];SGٽ:M]G#=4ȡtј2[IcwC!=\N+i"'5jZCgFex6Эt6=LN6z6=XTR=B*n L' ;? ߆ꌻ%YqQk;i-&4wD./ʇاv4M]t~a+CqC3qJ{ahQ bqGchMT\; L31mf@[hK;&P~eAB] 텦 u faŕ,V.J ܥ (40N[l6;3K'`rIFsW`2JS]EsjP_ #&Kxh}f + ~(BD"=ȾN XfF`2<6M6졅++QbŻhJ5Ր!Sl(H'Ǎz"HxQoQ]\wCGauku/;0yzjfG"RD2CnpUFԲ>z3 7 ΖY3\ JXĴ*عK,})wӲ,Z[z0*1_1 y4RIuheUwXeRt+eن`F\[ȎɍNjLu ,۝%M~Ecj6(k0$^[;܍{1Q0$d !sh"q!s,0y?ø?O}Y#_er?q}{{o?vx{<]bIjKOz9W-)(}ȝ'rwКM}?# c$ʿb+xwԧπρ#H_CtY>[X lIår9粛5^Cy5[yŤƖD}d{ (9 ) xSE=?py]t~'}kw&GuKpgY.52d,#d܁ 6 h ę, Lq+8cfS,0yr b3l{fE23 s#Y#A BttA|V X71,E )pϠ8AeLԓ2Pw1,B@+@Nƥ,\UܶM[NR)m@N4%I[*ee2dޛҀ /( (EW w q_A\?Y$3Ʉ|ͽ{{;CBMC\i ȀAvΫuhBOwĠf Pp!b ^g9p  .R `Ep!rxWo-:\[ x\5 k5VxyCD{4Qr}:|@Cʽs#|i7 p' [n ^CܧL 2ijiF<ã{|{5_4x'͗yLU>t]ƽu a8 [<]|[h]C\{:|r# ~l$񗹴L;4&ERkGnxŕ4Ln3Вg K4G:=ߍ:vhfdNd8u~>L;&EehS3}5a{B w؇DN[Na:/g^ tC[Rir@!mf>IeMhL@{{pLK\_\V84xVr^Ը4T7Ne^!)ȄA鐊tޤY÷hx%y0R#q+륈j2vujF^T`D ߪ@4QHWGD9iisp6]I4Jëd}vΉ[d`9Sqk/Q 0njx· N)8Sx^|˶H6 #g]W; r7,F`w{=kED^E%ޕaٍx͍ K*јJ MNx{Da/U-Ѓe!oXaE::ۨ :"M|=HHg *3\1u3tZe%pK4eR!(ޢ`qhM:Ӗ= Nӱdffx o+~Y1l(ޮhv2I,)3lÙ6í޻F$E»-ؙCv:O£ vަ~|@$3}R0>g~?G.O }S%2>+x5]DJo WX_HH! kصuW֞>5RuƱpo2'~DW PQ-Y3>D$mL2ftz8zT|'ٽx*k,)pc!q:>TDOi?cxruQ/guQs/4L)d`n˥ ^7qlQn~ b8w{lY;{ErDRoY-VhV[w{'MYGkPG?__A, Ua;bEÿ8[U~ Ey|we >|X3"h=˹g47?LhOS4ʌM2%? _aEMILfE!!Lq—P$1% ;Nv4ˋA͍ VJ)AGtsim4+/@]s^*mus+ŶR%JjRW`JNǕ4\R)9]Prl,%g9 8qA+ir|M.Pr\b\4s>-f9n4؇S$7jztZJ)Q%L1J+u+߰R֌ e>҅%je ?Bi b^heXZ:;e3rEJ.V-l2}ْJ/Wh*[>Ƿk䘂>HJ-L2d>FjbSUr y7k:%[/OHܠFAH*DnO̽Sw*Nfrܛ<ΐgR++Uޮ^R;yij2oj') `5mUE$!%5٩ Yr&c|ir][Gɝ& 9]?dWl٫d:J*ʼk] pLy%wQ8"w#ە<99Oq8n(*j%ϕ4%Meot$K4vuF jgn htA&%ɤ Sd8Ľ47eɬIr+jȖT P%w )u$$ 6i0T>q 1pZQB"| |:v5MJvF*ǯ39sᔄ5Kd Aogw[z{zjm29#eVn $vz.rmgL`5`uUƄ+3XrCF>0#aw԰6ilc\i6Iy):a~a(? 4BVƚ"5i$0%y`kOW,m=+ɤ'厝}XG9kȡڵ!2.\Ve\ȑH[P^-~Ȃ A ؒuSt2qۦڌhy/,((R4lO:vX2]h1Ѧ/(tF*o4:wpT:vGY $>ݿɢZr->y`عlFCF<;e6pд8tnBt9z;V=gŪQ.ZfZS9(hK. Qڐl+z3ӒC +pczHTD!p,8c6>D$f͏*!Yzm1_Pj_FT?5>g.̛ g^2ySɁ iES@*_H`W扶(²&)ّZQV4Se#Q++W UN>0Ѯ֝hD̫)f$9`.줧7c0zT//^*_p,Bi/w$δỤӑܹ䓺˂^?8h1W$] uZܙ 0!XXMX!/+_,4UQکT6P !Lʦ͸uvrFvIczbUF_@T]kaj>ӈAyckri,:;& SDɗLP8TM$x|+15LχPr}$6eaj9-}\{?6v".KTt99.)͜F~^V 9_D3SkB+<-"{?TY-FקZJ,oDepP=#6k'NfWhX|m tU' K_FʾpV2ic-eEwq"krY}H} ~8?RgPn)yZ\EfgSZ.amfmxӜȶJS:\TI*D%9J %3겾i /hO[՝Dgoe 6A츟#.2_?UAU;T>3wU3ǿॕ=L]咜/űEdM<"YCǒbN#sumj#**@ee,YYa4vw6~@Ί۷#Eۍ7qkȘS \ hРR^cZ5;SKM;1*(Z,D+Kg S|Hb 7>p9ɛ](&MW?erq"Rh/oJ#8"Ԯҟ-G4|D#4-/A̝ZW{Ŵ{|qPwO8Qu¢m1")V!V!XK_h4X4CIY.O am+fC0th!lX_A0|=+fVXhl/X@k^# ~4xS)>Zh;{Q1Ŝk;`s]c6*oX>{q+ȢU/;{:vADL:,i6C@6, n(DQD ET`'mdqcAAdQqAe5s~'q}z]}ׇ>Yg4rw%wҀ>}>lGø)H]1c8H838^`6c1qSRGMgI;m {[Ҿ%Q 1~\FYB ;'BKue锣=FL ShPq%cѢ5fZd>88'}|Zx*( 퀦D⠥rslۯVVe spAGۯS9BQܕ˫@]J\  J46 W nр; eHBPJ%VcN4*rk\/#hVMcŒlzR :0(l';()%ܰM)vbCTBs u0D-o0_Em7*((\LeƇ%-S\'` y8w Zz}U9h V ̸hܬCIWIc *h7^#1z~ŵ*IWYU5Nx$#i/{!A,FW> ,cr\i`51>zcÍx>*Zzzy xk6s_[)݂.{>!>N>v| H"vKHeBzc 72h|'Lŏ2 ?@}xZ|*IU$]5j'UUiJ%Kj42h23Bрaǒ.ո,H\%:"W3fKŇ%]o'g?3?S̷ݒnٵEn#ؒMNQ8KzEh95$RĤ id-5lek0YKoV M0N0+5+W\-:qk썃Yƾ;s*=щN֪p0%7:uS' ˶}w5-QB.o$ERk s^`ee0ci ,f,-|Y%Et@)1T:a8IgtMSL&=Hzi郕52G Q)w22GJI.# sW-<5 iWʽD?Fhp(?QLYtC3e #gXnZ9S ]YYIh04$84f+Ac"hBB.24L/$8YoI>*[o ,8t :vF9,*YY`yuEMkIk̗̎B> 1{jS-QʫwQQBr"b]J<;xʣNT'y,<.I32J\Y ck<\GX I$#t_&14d>9q}88DHH&LB TxviZ.kQB*/ITz% ʗ|ЉgyVUWyp˄V4[Ktn&^@5=1^6 iհ vl[1XjV8q\nGiu ?e5zMTZ3wTn @"&'Q4*r-:: :&ɛx@6al6Ql MɬelWd\>Sʧ\sL=r#I<"v@RE $A"q96aEԬ%<߷RFB,Hz5+<{&ׯje"UtpNkwv偸|kD)-^׽7LP>Soer#NtI*!i#t.\iw^=n] )vFVW)1|^vm4Is;vj)U]+Yxf.dav at;]03c o:]r85 ?J52AK`J-Zf3dD+XITm7TnZߙrbS4VEےi&X5i{<\4f5OC:4gR[<t~~pA=\Z\2f4hƴEJrh"4 s8*]RWKZ> c6<%[ wcϒ8-=НidjL@``Н--mȥKHI\#˸#Ka;K/(󀄗Rk?K,(V9Q4~\Go G8 ݀w e5l9q/4"z ;: TUIO f˰y]*$B8CP -PL_yC`i"WO}oMy8lyQ׉j.k ^ O -t "89BJ*8goȹ@kJ!!xvru_Co*tՂb5|w Y,H1;[[W5qdV#Zyt Խ"<441)SXbWv\agfڢa/3|) q֏mmZ$3ʸSxً톜zbhY"$,)yu^vϧ@.X0EP65YJ'^}{e.(AbcKEAVMej2iQvK[.K@kg`I/(VMIF>?)\h󠈔1.Nh2H\e7|ܥjQ)ŭ#[/}}&O b.zFZf>#/ụo)lz [S+F?[DX0 MNA ,~:68GQ݄i?oq~e5=poz5`A)۬]-jCDgt,[Sg&引x1&S\8o| 0ez)"qdѯ^U!D+jH*?'*Je& x,|zp?3"@ɖ[4}PeRL.6ܯFc\ZY0=6|ߡh̑\vpU'hVD+ q~"ÇS7](; IQLJ@&%pf$!drp yp-axf+ݦkD>luGu;ey m)nz+9-h;\&ώܘY]0 IC(ak205E`t}9!OCTkA0@φa;È|l6K4s JZ]a"b }}v׹KjjMf]Ln%Bx0+hR- XlDH .a{&,ЫsqF 5v>?dEmxF(m* }TEɶw u˪Ř/{ԅ/w:YtM{L2zzJWtݎ MCaNpww/?a[Z D(':X*9blpj*D bb8ir\8e7e˅4cDp{0:bZj\^ 6S{v1 KQ @\j8Y(qHetҀ;f  Z5hma#+dL:}X8t?(a:ry<sjIWO~ w{x6GPcF+RA[R}WQLЀ6aOmڵ ,g\"umtpze|eR6Of)uBZVFsm X(R[]^톬zod&/W@qɢf#g>7p۠UhgȧuQdf܀bL j) 䇬,fjškA̳ɿ۪'9K:JR ŚJ&[c}Vw;1(H#5om*t~ȕ,Xo·zZ!9MŴAkKaƕ@hy\Jd0Vc d$v (22w/' irn\P';J䋻Nbcԝ8yT]𢦫6>|@nTA8`s|yb':MY[1 `F*CV3 LLhXරA\4_.)l lʣ51&v5QI1,h7$(9myZ9q'C2 _GrNʰh,l%޲uNW3 C$: ˏ%l>2H}.)A\;SmRujwpw[]wzfjf6[xt\  1*ա?&/Sy<j SR0K#P(lQ2gGuMR ۬,[=|xSyЪ(7uo+Z&v"V;71}ikA6mLCuO(a7z4}i8 hwkC/:Ȉu55!2+ܶd z/'+cTL^ K|D58.vW: wJ(F WQ\ ;kri c!*Ku|, D| }9 _ڙ|j mEA; FՉaCaDcsDы8m{?O"sΓ7q}Ȏ4MohbBqK]_>:/9&#V˖AOuUAwrůmkPk [-;@F,HG#*LF6J;ץ122ް]6qn UOj7P-plx_] ;m:B7 ;][{ڻ1J~\SQvC1zLrcKATN~󖲠ћ /bX)fd6ʕ{@TE?0$IY/`Ze%%BZ9dRTBË4lG\S@W8s:o$X+OyڢAىϜ q9g}a$nu umJ˥)}<|oV4k tF9ޱd?fef 0$ɚ=8'`\?T%klX0+VXѼ7jzk մoȩ}~8U3 eoR}a&1(2cHU~A}*QH3~/ei) BMAsڍYv]_Y:]1> 4חN0N8&Omm·#}Ia"iY]z*ǕSZkcN oU>:.yCSwN&mQ`)A絁[?pV{Ce*olk|p\E,J*k7'@ eOB|u-E;ضhg#94 ɢaƫLgO5҉*N]ߙH}dE8%F#u#4ρwmX_jCN $c &{DD@#n &4uݏТs7MvWPpQ;$i)骇G\KTC|! [O 4`7~Kģknǀi%*6;)ZT6iJi$% , &H߶лu p}aQ n对TJR)!W,az=eGDmUіV)*c!ۭwaLž=;8:^/ŏ>ۨ{Jɨ&W7؄221c@\rEqAy?7,BxvS"B('WcJ8@odSVFpe\0 to@Hx"?@ء 9KD6BNEÑv4` .L)L<`; leXqo c<lzĔ_jk(~ս^,?اeiC]sdU* cS$Z=4 +BY S.U9o.Ր1:3` E|Uk瀏u2&B~)%s^~cRˣd6ނÜksΠ(..M@n~w>hF^~/zB o{|1ΩeЭgQA;Ȉ0x^y w(<,Pg J+_d+sC#m >Q{Yzo d^^Sj|}\5W8IF0M:adF  @| z92@}bp43ւ[ qߩ5Γ@#Q1mCҔ !ռS:v 4<~-G\J`pXn;U<.#t qΠq݇6H#2ĩfأO{lIgZo/Ϻ-:-V#c` Ub ,ßv,=`rMiI䨬Cnn>Le- 0a'ګ /R OuV$.bJg݋uKj&@SHdl`#80`}. XީnMĜa}2dpLw_)},FvFO1RN-1ST6½BGv2+M$QE,-TRU*Z#9'zC'{<.~J>*~ 쉚IC3*9UjeSQ5d7^hOk@Opm&qIȫPNe["MH}|^@vؕAn:8iqNc\9 )x|%(;}q>̟Pm]EE>A܌lc"P!Kym/g䈾"bJUF[plU҃tag=ãZW 5N)m҈(-}C,Q{OWK`aL^$(PZb\kEoy4@~A0dGRUEIct>ZL'`+o#Ȋ4(VO8NbwթT9`Q-;;>SsK~oxf; _>mR8È TrF;i`Dh ŁӢq G6hK)+7<(.M~ a]'vZ|5ѼiEL6~EYl\oSȺG+uuE)PK*S rv,5;f %X?- (I6lS[%D@O:l|s1*{@l)_"dӣ֪*n@1KwBUF6Mj^S.߷TG.`ʞ??-/+kmUj(OXK-kar'G 5.Ï!xY0+C QZBO 1:>N81g`MnB=8vǣ;X04% ḯ"/P@51̩pՑWekI)00;%+֬ v Eu?kY`Al W1͘"QԪ-x1e`WPnu+ߒ~ `Qj9$JCV;H,_E6S)+`)>›uk8Yt@>3vy0 $0Al+h5f)b; :z~Ѳ<d/Hʔ ߻ 3 ͢1xX5G 9_~nư\GMwЀv-B}-T)g(rӻl%x !6RZ^0+*lN # Hv-LZz JT]^8FG:hөArW=CJI=j^љ}XỊQc?x궦~gn2tG]u;"J+fP.QiX9%d[+{.,_s1E5)Ǫ6Qu"G~b0 m1R & r o=+^@t>ZshH8ZIȶe e&|Y:x+L IԫR~ݛ` Ξi\,$~WN^Td$(Gq{vFZi pRBEuvN="[\'rg@̜cZԔla苑1s-q 5eyY P4:5X$OOqk_,{#nP{(:Y.MJ&Ab"t8v%av說}N(.`\9;`>Qشh ;trތz1~&A\yDf!_vewi?q?+7\[6Y Y&t/̱8 WTVg\O83H/rr"neU7z zxbr-"- :EcB(W|J5Czc40tgYd3|;sYc.H} w2bgk提Ev1R@*TI19k(38[],Ʃ c(),.ГTFD2./<$WJ E[*/S r<{~Ǽ5Z,ʙƩe1Gm45>Xh5x3.JL WII:1uvB͋2֗bPjQr'6w}ΛțNDOXDž&?Xm)N<|\^ki>IJCцmׯrhʿ%r$ٖbkNMZ|U_yh{t~5Im1BMv[ugP5mo!2%ՁRȱ2UD,։+I4sY8s&7C '3uRT ~Wq^v%+{^t:r#<×yrp~j`[}R\o   Yrx`, %.No+{cK]>+q¸[zp+j~,jxxDf9]]#ȵ%b ɶD.TA <Ցi?'ǖ9SeKϧ+I(@:Ң A w0- J:4렉i aL?pP"j-oj禩Y g.௴kw[Hq\) ;~-02VW.=c8/D9,2~],,b]-vYvjwݢ~x%VkOƾ6wP+2,1Pa%,cV3rzװyV vGd_][͕dCKlo~ oL̘|7D,%m3$`/Tt#n*C(]M}]O5W\(dq8Bd!rӶG 8XCQDʆXFO ۗZ>0؝wx={n3H %Ɩn"Xgl/l@_R#Vd 2n<1&!`?:ѓ2(F`6LQ^WmP̟:hBš Ua%Xxs'kJk. xjEθ=M }d n={#$ ':J2okMI-|LFp*/R:y4t}g-5^/p#JNfGpf-BnWR4+=%WS, .x)m?8>bߩ # !>Zl(pneg?_ԶU}auʻ5(F*I4|3y8B6\ [˦:-~$Fbnzf?q0J> TvQV=T/x;ʰajfe˄gr#!~jyƧY*U,p=w3f8 6-J]T7vjݐײx)sDrfB7C[=Ol'󂍣Ǧ4hV~;47Byc9偒7J?V(VGaV`p1ex J:slIa1lɞx#X\x␾>Qt#G<ہ+߅wrTief+iR0}qǤiMkaO6\s]qnb4)T4Qve&VN]_)8W _DL}03'9]-[]H;h* [=(=\\悴=~g /98QHO=z1a{QdPY{p)fm8gj ?iR1N}c@6%Uq4:@S~=|Q1'xk%3N^ӵEr$Gsȣ۔z0\a(i24;-Vm儰1) +dՄ(Nʛ:h.gBW>bsY$^ :! CC}:']fJzlj&&!k،6SLhfFR֨{+M;\萼ŚҫtYX:SWS$b>XVh]`wtQ%BI>?/ѸgF LVԧ"]Т>* { ȸޑ"@ YZ